Author: fw
Date: 2007-05-17 18:44:24 +0000 (Thu, 17 May 2007)
New Revision: 5869

Modified: data/CVE/list
Log: NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-05-17 18:03:37 UTC (rev 5868)
+++ data/CVE/list 2007-05-17 18:44:24 UTC (rev 5869)
@@ -1,31 +1,31 @@ CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Snaps! Gallery CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...) - TODO: check + NOT-FOR-US: Akismet CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...) - TODO: check + NOT-FOR-US: iFdate CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...) - TODO: check + NOT-FOR-US: MH Software Connect Daily Web Calendar CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...) - TODO: check + NOT-FOR-US: TinyIdentD CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...) - TODO: check + NOT-FOR-US: NagiosQL CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...) - TODO: check + NOT-FOR-US: NagiosQL CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...) - TODO: check + NOT-FOR-US: News-Script CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...) - TODO: check + NOT-FOR-US: Linksnet Newsfeed CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...) - TODO: check + NOT-FOR-US: Geeklog CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic Integration CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...) - TODO: check + NOT-FOR-US: BEA WebLogic Portal CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...) - TODO: check + NOT-FOR-US: BEA WebLogic Portal CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...) 
NOT-FOR-US: BEA WebLogic CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...) @@ -57,11 +57,11 @@ [sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830) [sarge] - mysql-dfsg <not-affected> CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...) - TODO: check + NOT-FOR-US: ISS CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...) - TODO: check + NOT-FOR-US: Check Point CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2687 RESERVED CVE-2007-2686 
@@ -77,91 +77,91 @@ CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...) TODO: check CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...) - TODO: check + NOT-FOR-US: Canon CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...) TODO: check CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...) - TODO: check + NOT-FOR-US: Netsprint CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...) - TODO: check + NOT-FOR-US: phpChess CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...) - TODO: check + NOT-FOR-US: Open Translation Engine CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...) - TODO: check + NOT-FOR-US: Pre Classifieds Listings CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...) TODO: check CVE-2007-2673 (SQL injection vulnerability in censura.php in Censura 1.15.04 allows ...) - TODO: check + NOT-FOR-US: Censura CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...) - TODO: check + NOT-FOR-US: PHP Coupon Script CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...) TODO: check CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: PHPChain CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...) - TODO: check + NOT-FOR-US: PHPChain CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: webdesproxy CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...) - TODO: check + NOT-FOR-US: VImpX CVE-2007-2666 (Stack-based buffer overflow in SciLexer.dll in notepad++ 4.1.1 and ...) 
- TODO: check + NOT-FOR-US: notepad++ CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...) - TODO: check + NOT-FOR-US: PhpFirstPost CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...) - TODO: check + NOT-FOR-US: Yaap CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...) - TODO: check + NOT-FOR-US: Beacon CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...) - TODO: check + NOT-FOR-US: EfesTECH CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...) - TODO: check + NOT-FOR-US: BlogMe CVE-2007-2660 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PhpConcept CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...) - TODO: check + NOT-FOR-US: PHP Advanced Transfer Manager (phpATM) CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...) - TODO: check + NOT-FOR-US: ID Automation CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...) - TODO: check + NOT-FOR-US: PrecisionID CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...) - TODO: check + NOT-FOR-US: HP CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...) - TODO: check + NOT-FOR-US: NetWin CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...) TODO: check CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...) TODO: check CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...) - TODO: check + NOT-FOR-US: Free-SA CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...) - TODO: check + NOT-FOR-US: VooDoo cIRCle CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) 
TODO: check CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...) TODO: check CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...) - TODO: check + NOT-FOR-US: Clever Database Comparer CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...) - TODO: check + NOT-FOR-US: MonAlbum CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...) - TODO: check + NOT-FOR-US: yEnc32 CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...) - libexif <unfixed> (bug #424775) CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...) - TODO: check + NOT-FOR-US: Morovia CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...) - TODO: check + NOT-FOR-US: maGAZIn CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...) - TODO: check + NOT-FOR-US: R2K Gallery CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...) - TODO: check + NOT-FOR-US: W1L3D4 CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid "trivial ...) - TODO: check + NOT-FOR-US: LibTMCG CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...) - TODO: check + NOT-FOR-US: TFTPDWIN CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: eFileCabinet CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...) TODO: check CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...)
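Review bot: In the first hunk (@@ -1,31 +1,31 @@), CVE-2007-2706 is tagged NOT-FOR-US: Geeklog, while the visible part of its description places the flaw in maint/ftpmedia.php "in Media ..." and does not mention Geeklog. Name the component the description points at, so a later search of the list does not read this line as a decision about Geeklog as a whole. A smaller style point in the same hunk: the new BEA tags (WebLogic Integration, WebLogic Server, WebLogic Portal) are finer-grained than the existing "NOT-FOR-US: BEA WebLogic" on CVE-2007-2701, and "iFdate" is cased differently from the "ifdate" in the CVE-2007-2713 description; one convention for both would keep grep results predictable.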
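Review bot: In the second hunk (@@ -57,11 +57,11 @@), the three new tags name only the vendor (ISS, Check Point, Cisco), whereas the first hunk names products. The descriptions give enough to be specific: "IBM ISS Proventia Series" for CVE-2007-2690, "Check Point Web Intelligence" for CVE-2007-2689 and "Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS" for CVE-2007-2688. A vendor-only tag reads as a blanket statement about everything from that vendor, so suggest using the product name as the other entries do.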
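Review bot: In the third hunk (@@ -77,91 +77,91 @@), two entries are tagged by the product that ships the vulnerable file rather than by the file's origin: CVE-2007-2666 puts the overflow in SciLexer.dll but is tagged "notepad++", and CVE-2007-2643 puts the traversal in phpThumb.php but is tagged "maGAZIn". Both file names look like bundled third-party components, so NOT-FOR-US for the bundling product does not show that the component itself was checked against the archive; a short note on each entry recording that check would close the gap. Minor in the same hunk: "TFTPDWIN" does not match the "TFTPdWin" casing in the CVE-2007-2639 description, and "Canon" and "HP" are vendor-only tags where neighbouring entries name the product.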