Author: keescook-guest
Date: 2007-02-07 23:18:55 +0100 (Wed, 07 Feb 2007)
New Revision: 5424

Modified: data/CVE/list

Log: NFUs, smb4k, nexuiz

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-07 10:54:21 UTC (rev 5423) +++ data/CVE/list 2007-02-07 22:18:55 UTC (rev 5424) 
@@ -1,31 +1,31 @@ CVE-2007-0769 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Phorum CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...) - TODO: check + NOT-FOR-US: Yahoo! Messenger CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...) - TODO: check + NOT-FOR-US: Phorum CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...) - TODO: check + NOT-FOR-US: .NET Explorer CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...) - TODO: check + NOT-FOR-US: Curium CMS CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...) - TODO: check + NOT-FOR-US: F3Site CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...) - TODO: check + NOT-FOR-US: F3Site CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + NOT-FOR-US: phpBB++ CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...) - TODO: check + NOT-FOR-US: phpBB ezBoard converter CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...) - TODO: check + NOT-FOR-US: EQdkp CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...) - TODO: check + NOT-FOR-US: EasyMoblog CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...) - TODO: check + NOT-FOR-US: PHPProbid CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...) - TODO: check + NOT-FOR-US: CoD2 DreamStats CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Chicken of the VNC CVE-2007-0755 RESERVED CVE-2007-0754 
@@ -119,35 +119,35 @@ CVE-2007-0710 RESERVED CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) - TODO: check + NOT-FOR-US: Comodo Firewall Pro CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...) - TODO: check + NOT-FOR-US: Comodo Firewall Pro CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...) - TODO: check + NOT-FOR-US: GOM Player CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...) - TODO: check + NOT-FOR-US: Darksky RSS CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...) - TODO: check + NOT-FOR-US: Sleipnir CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...) - TODO: check + NOT-FOR-US: Somery CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...) - TODO: check + NOT-FOR-US: WebBuilder CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...) - TODO: check + NOT-FOR-US: phpEventMan CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...) - TODO: check + NOT-FOR-US: Epistemon CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...) - TODO: check + NOT-FOR-US: Portail Web CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...) - TODO: check + NOT-FOR-US: Portail Web CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...) - TODO: check + NOT-FOR-US: ACGVannu CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: ACGVannu CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...) - TODO: check + NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...) 
- TODO: check + NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0694 RESERVED CVE-2007-0693 @@ -161,11 +161,11 @@ CVE-2007-0689 RESERVED CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...) - TODO: check + NOT-FOR-US: Phorum CVE-2006-6967 (Check Point FireWall-1 allows remote attackers to obtain certificate ...) - TODO: check + NOT-FOR-US: Check Point Firewall-1 CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...) - TODO: check + NOT-FOR-US: phpGraphy CVE-2007-XXXX [remctl ACL bypass vulnerability] - remctl 2.2-2 [sarge] - remctl <not-affected> (Vulnerable code not present) @@ -199,7 +199,7 @@ CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...) NOT-FOR-US: ExoPHPDesk CVE-2007-0675 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Windows Vista CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...) NOT-FOR-US: Windows Mobile CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops & Desktops ...) 
@@ -227,19 +227,20 @@ CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...) NOT-FOR-US: Eclectic Designs CascadianFAQ CVE-2007-0662 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Hailboards CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...) - TODO: check + NOT-FOR-US: Intel BMC CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...) - TODO: check + NOT-FOR-US: MODx MuddyDogPaws FileDownload CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...) TODO: check CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...) - TODO: check + - nexuiz 2.2.3-1 (medium) CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + - phpbb2 <not-affected> + NOTE: phpBB2-MODificat it is a module to phpbb2. CVE-2007-0655 RESERVED CVE-2007-0654 @@ -275,11 +276,11 @@ CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...) NOT-FOR-US: GuppY CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...) - TODO: check + NOT-FOR-US: PHPFootball CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...) - TODO: check + NOT-FOR-US: Galeria Zdjec CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...) - TODO: check + NOT-FOR-US: incron CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...) NOT-FOR-US: EncapsCMS CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...) 
@@ -613,13 +614,13 @@ CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...) - openldap2 <not-affected> (Gentoo packaging bug) CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...) - TODO: check + - smb4k 0.8.0-1 (low) CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...) - TODO: check + - smb4k <unfixed> (low) CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...) - TODO: check + - smb4k 0.8.0-1 (low) CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...) - TODO: check + - smb4k 0.8.0-1 (low) CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...) - dokuwiki 0.0.20061106-1 (low) CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...) @@ -646,6 +647,7 @@ - iceweasel <unfixed> (unimportant) NOTE: Browser crashes not treated as security problems NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash. + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840 CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) NOT-FOR-US: GlobeTrotter Mobility Manager CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...) @@ -749,7 +751,7 @@ CVE-2007-0437 RESERVED CVE-2007-0436 (Unspecified vulnerability in Barron McCann X-Kryptor Driver ...) - TODO: check + NOT-FOR-US: X-Kryptor CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...) NOT-FOR-US: siteframe CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
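Review bot: in the @@ -119,35 +119,35 @@ and @@ -161,11 +161,11 @@ hunks, several NOT-FOR-US names do not match the product names in the CVE descriptions next to them: "Darksky RSS" for "Darksky RSS bar" (CVE-2007-0706), "Free LAN Intranet Portal" for "Free LAN In(tra|ter)net ..." (CVE-2007-0696, CVE-2007-0695), and "Check Point Firewall-1" for "Check Point FireWall-1" (CVE-2006-6967). Copying the name as the description spells it would keep a later search for the product consistent across entries.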
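Review bot: the CVE-2007-0656 entry in the @@ -227,19 +227,20 @@ hunk marks phpbb2 as <not-affected> without the parenthesised reason that other entries in this file carry, such as "(Vulnerable code not present)" on the remctl entry and "(Gentoo packaging bug)" on CVE-2007-0476. The reason is currently only implied by the NOTE line, which also has a wording slip ("phpBB2-MODificat it is a module to phpbb2."). Suggest putting the reason in parentheses on the package line and rewording the NOTE to "phpBB2-MODificat is a module for phpbb2". The log message "NFUs, smb4k, nexuiz" also does not mention the phpbb2 change.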
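Review bot: in the @@ -275,11 +276,11 @@ hunk, CVE-2007-0636 is described as a vulnerability "in inotify before 0.3.5" but is closed as "NOT-FOR-US: incron", and nothing in the entry explains why the two names differ. A one-line NOTE stating that the affected software is incron rather than the component named in the description would let a later reader verify the triage decision without redoing the research.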
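Review bot: in the @@ -613,13 +614,13 @@ hunk, CVE-2007-0474 is recorded as "smb4k <unfixed> (low)" although its description reads "Smb4K before 0.8.0" and the three sibling entries (CVE-2007-0475, CVE-2007-0473, CVE-2007-0472) are all marked fixed in 0.8.0-1. If the package really is still vulnerable at 0.8.0-1, add a NOTE saying what remains open; otherwise this line should carry the same fixed version as the others.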