Author: keescook-guest
Date: 2007-02-17 00:16:38 +0100 (Sat, 17 Feb 2007)
New Revision: 5464

Modified:
   data/CVE/list
Log:
NFUs, and critical firefox vuln

Modified: data/CVE/list
==================================================================
--- data/CVE/list	2007-02-16 20:14:34 UTC (rev 5463)
+++ data/CVE/list	2007-02-16 23:16:38 UTC (rev 5464)
@@ -1,69 +1,69 @@ CVE-2007-0981 (Mozilla based browsers allows remote attackers to bypass the same ...) - TODO: check + - iceweasel <unfixed> (high) CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...) - TODO: check + NOT-FOR-US: HP Serviceguard CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...) - TODO: check + NOT-FOR-US: LifeType CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...) TODO: check CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...) - TODO: check + NOT-FOR-US: ActSoft DVD-Tools ActiveX control CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...) - TODO: check + NOT-FOR-US: Apache Stats CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...) - TODO: check + NOT-FOR-US: DropBox CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...) - TODO: check + NOT-FOR-US: WebTester CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...) - TODO: check + NOT-FOR-US: WebTester CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...) - TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...) - TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...) 
- TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...) - TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...) - TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...) - TODO: check + NOT-FOR-US: Cisco FWSM CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...) - TODO: check + NOT-FOR-US: Cisco PIX CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...) - TODO: check + NOT-FOR-US: Cisco PIX CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...) - TODO: check + NOT-FOR-US: Cisco PIX CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...) - TODO: check + NOT-FOR-US: Cisco PIX CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) - TODO: check + - linux-2.6 <unfixed> (unimportant) CVE-2007-0957 RESERVED CVE-2007-0956 RESERVED CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...) - TODO: check + NOT-FOR-US: Mail Enable Professional CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...) - TODO: check + NOT-FOR-US: MOHA Chat CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...) - TODO: check + NOT-FOR-US: @Mail CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) - TODO: check + NOT-FOR-US: Virtual Calendar CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...) - TODO: check + NOT-FOR-US: Fullaspsite ASP Hosting Site CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...) - TODO: check + NOT-FOR-US: Fullaspsite ASP Hosting Site CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...) 
- TODO: check + NOT-FOR-US: iTinySoft CVE-2007-0948 RESERVED CVE-2007-0947 
@@ -97,73 +97,73 @@ CVE-2007-0933 RESERVED CVE-2007-0932 (Unspecified vulnerability in Aruba Mobility Controller 200, 800, 2400, ...) - TODO: check + NOT-FOR-US: Aruba Mobility Controller CVE-2007-0931 (Buffer overflow in the management interface for Aruba Mobility ...) - TODO: check + NOT-FOR-US: Aruba Mobility Controller CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...) - TODO: check + NOT-FOR-US: Apache Stats CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...) - TODO: check + NOT-FOR-US: prb (php rrd browser) CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Virtual Calendar CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: uTorrent CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...) - TODO: check + NOT-FOR-US: KvGuestbook CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...) - TODO: check + NOT-FOR-US: Community Server CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: phpPolls CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...) - TODO: check + NOT-FOR-US: Portal Search CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...) - TODO: check + NOT-FOR-US: Portal Search CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...) - TODO: check + NOT-FOR-US: Portal Search CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...) - TODO: check + NOT-FOR-US: Philboard CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...) - TODO: check + NOT-FOR-US: MiniWebsvr CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...) 
- TODO: check + NOT-FOR-US: Cisco IOS CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...) TODO: check CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...) - TODO: check + NOT-FOR-US: Harpia CMS CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...) - TODO: check + NOT-FOR-US: fx-APP CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: fx-APP CVE-2006-7021 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Plume CMS CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...) - TODO: check + NOT-FOR-US: phpwcms CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...) - TODO: check + NOT-FOR-US: Indexu CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...) - TODO: check + NOT-FOR-US: Jobline CVE-2006-7015 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Jobline CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...) - TODO: check + NOT-FOR-US: BloggIT CVE-2006-7013 (** DISPUTED ** ...) 
- TODO: check + NOT-FOR-US: Simple Machine Forum CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: SCart CVE-2006-7011 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: FlashChat CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...) NOT-FOR-US: JPortal CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) @@ -318,7 +318,7 @@ CVE-2007-0860 (** DISPUTED ** ...) NOT-FOR-US: local Calendar System CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...) - TODO: check + NOT-FOR-US: Palm OS Treo CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) NOT-FOR-US: GoSuRF Browser CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) @@ -819,9 +819,9 @@ CVE-2007-0653 RESERVED CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...) - TODO: check + NOT-FOR-US: MailEnable Professional CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...) - TODO: check + NOT-FOR-US: MailEnable Professional CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...) - tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does) CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...) @@ -1584,7 +1584,7 @@ CVE-2007-0325 RESERVED CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...) - TODO: check + NOT-FOR-US: LizardTech DjVu Browser Plug-in CVE-2007-0323 RESERVED CVE-2007-0322 
@@ -4749,9 +4749,9 @@ CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...) NOT-FOR-US: Citrix CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...) - TODO: check + NOT-FOR-US: Adobe JRun CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...) - TODO: check + NOT-FOR-US: Adobe ColdFusion CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...) NOT-FOR-US: Adobe CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
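Review bot: CVE-2007-0978 (swcons in IBM AIX 5.3) is left at `TODO: check` in the first hunk (@@ -1,69 +1,69 @@) although every other vendor-only entry around it is resolved in this sweep; AIX is not packaged in Debian, so it belongs as `NOT-FOR-US: IBM AIX` here rather than in a later pass. Two more points in the same hunk: the CVE-2007-0981 description says "Mozilla based browsers" (plural) but only `iceweasel <unfixed> (high)` is tagged, so confirm whether the other Mozilla-derived packages in the archive need their own entries; and `linux-2.6 <unfixed> (unimportant)` for CVE-2007-0958 ("allows local users to read unreadable ...") carries no NOTE: line saying why an information leak to local users is rated unimportant, which the next triager will need. Finally, CVE-2007-0955 is tagged `NOT-FOR-US: Mail Enable Professional` while its description ("MENTLM.dll in MailEnable ...") and the hunk at @@ -819,9 +819,9 @@ both spell it `MailEnable Professional`; use one spelling so the entries grep consistently.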
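Review bot: CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint) stays at `TODO: check` in the second hunk (@@ -97,73 +97,73 @@) while the surrounding Cisco, HP-UX and Solaris entries are all converted; it should be `NOT-FOR-US: Microsoft PowerPoint` in the same change. Also in that hunk, the CVE-2006-7016 description names `phpjobboard` but the new tag reads `NOT-FOR-US: Jobline`, the same tag given to the disputed CVE-2006-7015 below it; confirm both really refer to the same product, otherwise the tag will mislead anyone searching the list by the name CVE uses.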