Author: enerv-guest Date: 2007-01-30 14:15:15 +0100 (Tue, 30 Jan 2007) New Revision: 5387 Modified: data/CVE/list Log: some NFUs and issues. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-30 11:33:39 UTC (rev 5386) +++ data/CVE/list 2007-01-30 13:15:15 UTC (rev 5387) @@ -31,11 +31,11 @@ CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...) TODO: check CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...) - TODO: check + - wordpress 2.1.0-1 (low) CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...) - TODO: check + - wordpress 2.1.0-1 (low) CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial of ...) - TODO: check + - wordpress 2.1.0-1 (low) CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...) TODO: check CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which allows ...) @@ -65,13 +65,13 @@ CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...) TODO: check CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: LG CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Nokia CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Motorola CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...) - TODO: check + NOT-FOR-US: Sony Ericsson CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...) TODO: check CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...) 
@@ -125,35 +125,35 @@ CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...) TODO: check CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...) - TODO: check + NOT-FOR-US: MySpeach CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Open-Realty CVE-2007-0489 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...) TODO: check CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in FreeForum ...) - TODO: check + NOT-FOR-US: FreeForum CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads (aka ...) - TODO: check + NOT-FOR-US: Openads CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...) TODO: check CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...) - TODO: check + NOT-FOR-US: ReviewPost CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...) - TODO: check + NOT-FOR-US: ReviewPost CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...) - TODO: check + NOT-FOR-US: Sun CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 2.3.31 (aka ...) - TODO: check + NOT-FOR-US: Openads CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...) 
TODO: check CVE-2007-0475 
@@ -165,37 +165,38 @@ CVE-2007-0472 RESERVED CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...) - TODO: check + - dokuwiki 0.0.20061106-1 (low) CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...) - TODO: check + NOT-FOR-US: Docebo CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...) - TODO: check + NOT-FOR-US: RS Gallery2 CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...) - TODO: check + NOT-FOR-US: WebRoot Spy Sweeper CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...) - TODO: check + NOT-FOR-US: WebRoot Spy Sweeper CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...) - TODO: check + NOT-FOR-US: WebRoot Spy Sweeper CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...) - TODO: check + NOT-FOR-US: phpBlueDragon CMS CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...) - TODO: check + NOT-FOR-US: Docebo CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Opera CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) - TODO: check + TODO: check iceweasel + NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash. CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) - TODO: check + NOT-FOR-US: GlobeTrotter Mobility Manager CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...) 
- TODO: check + NOT-FOR-US: Computer Associates (CA) CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) - TODO: check + NOT-FOR-US: Cisco CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) - TODO: check + NOT-FOR-US: WebRoot Spy Sweeper CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...) - bbclone <unfixed> (bug #408839; medium) CVE-2007-XXXX [hinfo code injection]
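Review bot: In the hunk at @@ -31,11, CVE-2007-0541 and CVE-2007-0540 are marked fixed in `wordpress 2.1.0-1 (low)`, but unlike CVE-2007-0539 ("WordPress before 2.1 allows ...") their visible descriptions name no fixed upstream version. Add a NOTE line under each of the two entries stating what ties the fix to 2.1.0-1, so the fixed version can be checked later rather than taken on trust.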
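Review bot: In the hunk at @@ -125,35, CVE-2007-0484 and CVE-2007-0483 are tagged `NOT-FOR-US: ReviewPost`, while both descriptions name "Enthusiast 3.1" as the affected product. Either change the tag to the product named in the description or add a NOTE explaining why ReviewPost is the right name, since a mismatched NOT-FOR-US label makes later searches for the product miss these entries.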
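Review bot: In the hunk at @@ -165,37, CVE-2006-6954 (Flock) stays at `TODO: check iceweasel` even though the added NOTE says the proof of concept crashes iceweasel 2.0.0.1. If the crash is reproducible, record it as a package entry in the form already used in this file (compare `- bbclone <unfixed> (bug #408839; medium)`), with a bug number and severity, so the issue is tracked against iceweasel instead of sitting as an open TODO. The NOTE should also read "it crashes".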