Author: stef-guest Date: 2007-05-02 21:57:19 +0000 (Wed, 02 May 2007) New Revision: 5773 Modified: data/CVE/list Log: - new libimager-perl issue - new javascript hijacking issue in various ajax toolkits - new mydns issue fixed - new gimp issue fixed - new axis issue unimportant - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-02 21:14:17 UTC (rev 5772) +++ data/CVE/list 2007-05-02 21:57:19 UTC (rev 5773) @@ -5,17 +5,17 @@ CVE-2007-2417 RESERVED CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...) - TODO: check + NOT-FOR-US: E-Annu CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Pi3Web Web Server CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: MyServer CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...) - TODO: check + - libimager-perl <unfixed> (bug #421582) CVE-2007-2412 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Seir Anphin CVE-2007-2411 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Sphider CVE-2007-2410 RESERVED CVE-2007-2409 
@@ -67,71 +67,73 @@ CVE-2007-2386 RESERVED CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...) - TODO: check + TODO: check yui + TODO: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...) - TODO: check + TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...) - TODO: check + TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...) TODO: check CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...) - TODO: check + TODO: check python-paste CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...) TODO: check CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...) TODO: check CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...) - TODO: check + NOT-FOR-US: Google Web Toolkit (GWT) CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...) TODO: check CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...) - TODO: check + NOT-FOR-US: Dojo CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...) - TODO: check + NOT-FOR-US: WF-Links (wflinks) module for XOOPS CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) 
- TODO: check + NOT-FOR-US: phpMyNewsletter CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...) - TODO: check + NOT-FOR-US: phpMyNewsletter CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...) - TODO: check + NOT-FOR-US: Jobs module for XOOPS CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...) - TODO: check + NOT-FOR-US: Wserve HTTP Server (whttp) CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...) - TODO: check + NOT-FOR-US: Corel CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...) - TODO: check + NOT-FOR-US: Adobe CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...) - TODO: check + NOT-FOR-US: burnCMS CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...) - TODO: check + - mydns 1:1.1.0-8 CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2358 (** DISPUTED ** ...) TODO: check CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...) - TODO: check + NOT-FOR-US: SineCms CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...) 
- TODO: check + - gimp 2.2.14-2 CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...) - TODO: check + NOT-FOR-US: OPeNDAP CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Progress Webspeed Messenger CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...) - TODO: check + - axis <unfixed> (unimportant) + NOTE: only path disclosure CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...) TODO: check CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
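Review bot: the libimager-perl entry for CVE-2007-2413 records `<unfixed>` and the bug number but not the upstream fix, although the CVE description in the same hunk already says "Imager before 0.57"; adding a `NOTE: fixed upstream in 0.57` line under the package entry saves the next editor a lookup when the fixed Debian version is filled in.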
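Review bot: in the JavaScript hijacking block, CVE-2007-2380 (Microsoft Atlas) is left as `TODO: check` while CVE-2007-2374 in the same hunk is marked `NOT-FOR-US: Microsoft`; unless Atlas is thought to be bundled in some Debian package, it should get the same `NOT-FOR-US: Microsoft` treatment as the Dojo, GWT and Symantec entries. The remaining bare `TODO: check` entries (CVE-2007-2382 Moo.fx, CVE-2007-2379 jQuery, CVE-2007-2377 DWR) would also benefit from the package lists that Prototype and Script.aculo.us received, since the issue is in applications that embed these libraries rather than in the frameworks as standalone packages. Finally, the Fortify reference (`TODO: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf`) is attached only to the YUI entry although it covers all ten framework CVEs; consider repeating it, or a pointer to it, on the others so each entry is self-explanatory.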