Author: joeyh Date: 2007-01-11 21:14:22 +0100 (Thu, 11 Jan 2007) New Revision: 5241 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-11 19:12:49 UTC (rev 5240) +++ data/CVE/list 2007-01-11 20:14:22 UTC (rev 5241) 
@@ -1,78 +1,78 @@ -CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin <unfixed> (bug #406486; high) -CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...) - - phpmyadmin <unfixed> (bug #406332; high) -CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 ...) - NOT-FOR-US: @lex -CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...) - NOT-FOR-US: TIS -CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...) - NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery -CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...) - NOT-FOR-US: Cisco -CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise ...) - NOT-FOR-US: Cisco -CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted ...) - NOT-FOR-US: Apple Mac OS -CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...) 
- NOT-FOR-US: Motionborg Web Real Estate +CVE-2007-0204 + - phpmyadmin <unfixed> (bug #406486; high) +CVE-2007-0203 + - phpmyadmin <unfixed> (bug #406332; high) +CVE-2007-0202 + NOT-FOR-US: @lex +CVE-2007-0201 + NOT-FOR-US: TIS +CVE-2007-0200 + NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery +CVE-2007-0199 + NOT-FOR-US: Cisco +CVE-2007-0198 + NOT-FOR-US: Cisco +CVE-2007-0197 + NOT-FOR-US: Apple Mac OS +CVE-2007-0196 + NOT-FOR-US: Motionborg Web Real Estate CVE-2007-0195 - RESERVED + TODO: check CVE-2007-0194 - RESERVED + TODO: check CVE-2007-0193 - RESERVED + TODO: check CVE-2007-0192 - RESERVED + TODO: check CVE-2007-0191 - RESERVED + TODO: check CVE-2007-0190 - RESERVED + TODO: check CVE-2007-0189 - RESERVED + TODO: check CVE-2007-0188 - RESERVED + TODO: check CVE-2007-0187 - RESERVED + TODO: check CVE-2007-0186 - RESERVED + TODO: check CVE-2007-0185 - RESERVED + TODO: check CVE-2007-0184 - RESERVED + TODO: check CVE-2007-0183 - RESERVED + TODO: check CVE-2007-0182 - RESERVED -CVE-2007-0181 (PHP remote vulnerability in include/common_function.php in magic photo ...) - NOT-FOR-US: Magic Photo Storage website -CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...) - NOT-FOR-US: EF Commander -CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...) - NOT-FOR-US: PHPKIT -CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...) - NOT-FOR-US: Easy Banner Pro -CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki ...) - - mediawiki <unfixed> (bug #406238; medium) - NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721 -CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php in Gforge ...) - TODO: check -CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution ...) 
- - b2evolution <not-affected> -CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...) - NOT-FOR-US: Sina UC2006 -CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...) - NOT-FOR-US: L2J Statistik Script -CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...) - NOT-FOR-US: AllMyGuest -CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...) - NOT-FOR-US: AllMyLinks -CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...) - NOT-FOR-US: AllmyVisitors + TODO: check +CVE-2007-0181 + NOT-FOR-US: Magic Photo Storage website +CVE-2007-0180 + NOT-FOR-US: EF Commander +CVE-2007-0179 + NOT-FOR-US: PHPKIT +CVE-2007-0178 + NOT-FOR-US: Easy Banner Pro +CVE-2007-0177 + - mediawiki <unfixed> (bug #406238; medium) + NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721 +CVE-2007-0176 + TODO: check +CVE-2007-0175 + - b2evolution <not-affected> +CVE-2007-0174 + NOT-FOR-US: Sina UC2006 +CVE-2007-0173 + NOT-FOR-US: L2J Statistik Script +CVE-2007-0172 + NOT-FOR-US: AllMyGuest +CVE-2007-0171 + NOT-FOR-US: AllMyLinks +CVE-2007-0170 + NOT-FOR-US: AllmyVisitors CVE-2007-0169 - RESERVED + TODO: check CVE-2007-0168 - RESERVED + TODO: check CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...) TODO: check CVE-2007-0166 
@@ -445,10 +445,10 @@ CVE-2007-XXXX [drupal DoS] - drupal 4.7.5-1 (low) NOTE: DRUPAL-SA-2007-002 -CVE-2007-0106 WordPress Trackback Charset Decoding SQL Injection Vulnerability +CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...) - wordpress 2.0.6-1 (bug #405691; medium) NOTE: http://www.hardened-php.net/advisory_022007.141.html -CVE-2007-0107 WordPress CSRF Protection XSS Vulnerability +CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...) - wordpress 2.0.6-1 (bug #405691; medium) NOTE: http://www.hardened-php.net/advisory_012007.140.html CVE-2007-0050 (** DISPUTED ** ...)
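Review bot: in the `@@ -1,78 +1,78 @@` hunk, every entry from CVE-2007-0204 down to CVE-2007-0196 and from CVE-2007-0181 down to CVE-2007-0170 loses its parenthesised description while its triage line stays the same, e.g. `-CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)` becomes `+CVE-2007-0204`. CVE-2007-0167 in the trailing context still carries its description, so this looks like the automatic update ran against input that had no description for these IDs rather than a deliberate change. The same run flips CVE-2007-0195 through CVE-2007-0182, CVE-2007-0169 and CVE-2007-0168 from `RESERVED` to `TODO: check` with no description to triage against, and CVE-2007-0176 stays `TODO: check` but loses the Gforge text a triager would need. Suggest the update step keep an existing description when the new input has none, and leave an entry at `RESERVED` until a description is actually available.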
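Review bot: in the `@@ -445,10 +445,10 @@` hunk, the new descriptions assign the two WordPress issues to the opposite IDs from the titles they replace, and the unchanged `NOTE:` lines were not revisited. CVE-2007-0106 goes from "WordPress Trackback Charset Decoding SQL Injection Vulnerability" to "(Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)", and CVE-2007-0107 goes from "WordPress CSRF Protection XSS Vulnerability" to "(WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)". Each entry keeps the advisory URL that was paired with its old title (`advisory_022007.141.html` under CVE-2007-0106, `advisory_012007.140.html` under CVE-2007-0107), so if the new descriptions are the authoritative ones, the two `NOTE:` lines should be checked against the advisories and swapped where they no longer match. The package line (`wordpress 2.0.6-1 (bug #405691; medium)`) is identical for both IDs, so the fixed-version tracking is unaffected either way.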