Author: keescook-guest Date: 2007-02-09 20:13:59 +0100 (Fri, 09 Feb 2007) New Revision: 5431 Modified: data/CVE/list Log: NFUs, phpbb2 unimportant, drupal not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-09 08:14:08 UTC (rev 5430) +++ data/CVE/list 2007-02-09 19:13:59 UTC (rev 5431) @@ -3,17 +3,17 @@ CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...) TODO: check CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...) - TODO: check + NOT-FOR-US: Trend Micro Anti-Rootkit Common Module CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...) TODO: check CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...) - TODO: check + NOT-FOR-US: cPanel WebHost Manager CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...) TODO: check CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...) TODO: check CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...) - TODO: check + NOT-FOR-US: Trend Micro Scan Engine CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...) TODO: check CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...) 
@@ -41,9 +41,9 @@ CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...) TODO: check CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...) TODO: check CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...) @@ -59,7 +59,7 @@ CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...) TODO: check CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...) - TODO: check + NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...) TODO: check CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...) @@ -75,14 +75,14 @@ CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...) TODO: check CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...) - TODO: check + NOT-FOR-US: HP Network Node Manager CVE-2007-0818 REJECTED TODO: check CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion web server CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...) - TODO: check + NOT-FOR-US: (CA) BrightStor CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...) TODO: check CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin''s ASP ...) 
@@ -104,7 +104,7 @@ CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...) TODO: check CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...) - TODO: check + NOT-FOR-US: HP Tru64 UNIX CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...) TODO: check CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...) 
@@ -126,27 +126,28 @@ CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...) TODO: check CVE-2007-0794 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: GlobalMegaCorp dvddb CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...) - TODO: check + NOT-FOR-US: GlobalMegaCorp dvddb CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...) TODO: check CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...) TODO: check CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...) - TODO: check + NOT-FOR-US: SmartFTP CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...) - TODO: check + - mambo 4.6.1-1 (medium) + NOTE: only the 4.5.x tree was vulnerable CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...) - TODO: check + - mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2) CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...) - TODO: check + NOT-FOR-US: Simple Invoices CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...) - TODO: check + NOT-FOR-US: Noname Media Photo Galerie Standard CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...) - TODO: check + NOT-FOR-US: Flipsource Flip CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...) - TODO: check + NOT-FOR-US: RBL ASP tPassword CVE-2007-0783 RESERVED CVE-2007-0782 
@@ -176,37 +177,37 @@ CVE-2007-0770 RESERVED CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...) - TODO: check + NOT-FOR-US: 3proxy CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...) - TODO: check + NOT-FOR-US: 3proxy CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...) TODO: check CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...) TODO: check CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) - TODO: check + NOT-FOR-US: FCKEditor CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) - TODO: check + NOT-FOR-US: FreeTextBox CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...) - TODO: check + NOT-FOR-US: CentiPaid CVE-2006-6975 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: CentiPaid CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: DeskPRO CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...) - TODO: check + NOT-FOR-US: DeskPRO CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...) - TODO: check + NOT-FOR-US: BtitTracker CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...) TODO: check CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...) TODO: check CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...) - TODO: check + NOT-FOR-US: Jetty CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...) - TODO: check + NOT-FOR-US: SmartFTP CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...) 
- libpam-ssh <unfixed> (bug #410236; medium) CVE-2007-0769 (** DISPUTED ** ...) @@ -446,7 +447,7 @@ CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...) NOT-FOR-US: MODx MuddyDogPaws FileDownload CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...) - TODO: check + - drupal <not-affected> (Drupal module "Textimage") CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...) - nexuiz 2.2.3-1 (medium) CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...) @@ -12650,9 +12651,11 @@ CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...) - ejabberd <not-affected> (only binary distribution is affected) CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...) - TODO: check + - phpbb2 <unfixed> (unimportant) + NOTE: SQL query disclosure CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...) - TODO: check + - phpbb2 <unfixed> (unimportant) + NOTE: path disclosure CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...) NOT-FOR-US: MS IE CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...) @@ -15319,7 +15322,7 @@ {DSA-1149-1} - ncompress 4.2.4-16 CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...) - TODO: check + NOT-FOR-US: SGI CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...) - dokuwiki 0.0.20060309-3 (bug #357436) CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
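Review bot: In the @@ -75,14 +75,14 @@ hunk, CVE-2007-0818 is marked REJECTED but keeps an unchanged "TODO: check", while both of its neighbours were triaged in this revision. A rejected identifier needs no package triage, so that TODO can be removed in the same pass. In the same hunk, "NOT-FOR-US: (CA) BrightStor" puts the vendor in parentheses, unlike the other NOT-FOR-US tags added here; "NOT-FOR-US: CA BrightStor ARCserve Backup" would match the product named in the summary line.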
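Review bot: The CVE-2007-0789 entry in the @@ -126,27 +126,28 @@ hunk reads inconsistently: "- mambo 4.6.1-1 (medium)" records a fixed version with medium urgency, while the NOTE under it says only the 4.5.x tree was vulnerable. If no 4.5.x version of mambo was ever uploaded, <not-affected> with that reason is the accurate state, as done for mediawiki in the next entry; if a 4.5.x version was in the archive, say so in the NOTE so the fixed version is explained. The log message also leaves out the mambo and mediawiki changes; listing them would make this revision easier to find later.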
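Review bot: "NOT-FOR-US: Microsoft" for CVE-2005-4827 in the @@ -176,37 +177,37 @@ hunk names the vendor rather than the product. The context line for CVE-2006-2218 in the @@ -12650,9 +12651,11 @@ hunk already uses "NOT-FOR-US: MS IE" for Internet Explorer, so the same tag here keeps a search on the product name complete. The same point applies to "NOT-FOR-US: SGI" for CVE-2006-1167 in the last hunk, where the summary names SGI ProPack.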
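Review bot: The <not-affected> reason for CVE-2007-0658 in the @@ -446,7 +447,7 @@ hunk names only the Textimage module, but the summary opens an enumeration with "(1) Textimage" and is truncated before the remaining items. Extend the parenthesised reason to cover every module the CVE lists, or name them, so the entry shows that none of them ships in the drupal package and does not have to be checked again.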
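Review bot: Both phpbb2 entries in the @@ -12650,9 +12651,11 @@ hunk (CVE-2006-2220 and CVE-2006-2219) are set to <unfixed> (unimportant) with only a short NOTE each ("SQL query disclosure", "path disclosure") and no bug reference. Expand each NOTE to say why the disclosure is rated unimportant, so the classification can be reviewed from the list itself without rereading the full CVE description.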