Author: stef-guest
Date: 2007-01-06 16:43:38 +0100 (Sat, 06 Jan 2007)
New Revision: 5210

Modified: data/CVE/list
Log:
- CVE-2007-0017: new vlc issue
- CVE-2006-6858: new miredo issue
- CVE-2006-6811: new ksirc issue
- tdiary CVEified
- some NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2007-01-05 20:03:10 UTC (rev 5209) +++ data/CVE/list 2007-01-06 15:43:38 UTC (rev 5210) @@ -1,11 +1,11 @@ CVE-2007-0050 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: OpenPinboard CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: TaskTracker CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...) TODO: check CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...) 
@@ -65,43 +65,43 @@ CVE-2007-0018 RESERVED CVE-2007-0017 (Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted ...) - TODO: check + - vlc <unfixed> (bug #405425; medium) CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...) - TODO: check + NOT-FOR-US: MoviePlay CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...) - TODO: check + - miredo <unfixed> (bug #405412; bug #405111) CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Docebo LMS CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...) - TODO: check + NOT-FOR-US: WebText CMS CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: AIDeX Mini-WebServer CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...) TODO: check CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...) - TODO: check + NOT-FOR-US: Durian Web Application Server CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...) - TODO: check + - tdiary 2.1.4-6 (bug #403345; medium) CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...) - TODO: check + NOT-FOR-US: ac4p Mobilelib gold CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...) - TODO: check + NOT-FOR-US: Shadowed Portal / Roster Module CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...) - TODO: check + NOT-FOR-US: Cahier de texte (CDT) CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...) - TODO: check + NOT-FOR-US: ASPTicker CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...) TODO: check CVE-2006-6846 (Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow ...) 
- TODO: check + NOT-FOR-US: WYWO - InOut Board CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...) - TODO: check + NOT-FOR-US: CMS Made Simple CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...) - TODO: check + NOT-FOR-US: EasyPartner component for Joomla! CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...) - TODO: check + NOT-FOR-US: Acronym Mod for phpBB2 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...) TODO: check CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) @@ -109,9 +109,9 @@ CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) TODO: check CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...) - TODO: check + NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...) - TODO: check + NOT-FOR-US: Total Commander CVE-2007-XXXX [webcam-server unspecified vulnerability] - webcam-server 0.50-2 CVE-2007-XXXX [libsoup parse_headers_DoS] 
@@ -177,11 +177,11 @@ CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...) NOT-FOR-US: myPHPCalendar CVE-2006-6811 (Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute ...) - TODO: check + - kdenetwork <unfixed> (bug filed) CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...) - TODO: check + NOT-FOR-US: DB Hub CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) - TODO: check + NOT-FOR-US: buratinable templator (aka bubla) CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) TODO: check CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) @@ -750,8 +750,6 @@ - moodle 1.6.3-2 CVE-2006-XXXX [znc file access security hole] - znc 0.045-3 (bug #403141; medium) -CVE-2006-XXXX [tdiary arbitrary code execution] - - tdiary 2.1.4-6 (bug #403345; medium) CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...) NOT-FOR-US: Citrix CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
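Review bot: in the first hunk (@@ -1,11 +1,11 @@), CVE-2007-0047 is marked "NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer", but its visible description names only the Adobe Acrobat Reader Plugin and does not mention Internet Explorer, and the neighbouring CVE-2007-0046 and CVE-2007-0045 for Adobe Acrobat stay at "TODO: check". Triage the four Adobe entries together, or word the NOT-FOR-US reason for CVE-2007-0047 so it rests on the product alone rather than on a browser the description does not show.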
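Review bot: the new CVE-2006-6858 line in the @@ -65,43 +65,43 @@ hunk, "- miredo <unfixed> (bug #405412; bug #405111)", carries no urgency, while the vlc and tdiary lines added in the same hunk both end in "medium". Add an urgency after the bug references so the three tracked entries are comparable, and if the two bug numbers refer to the same report, keep only one of them.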
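Review bot: "- kdenetwork <unfixed> (bug filed)" for CVE-2006-6811 in the @@ -177,11 +177,11 @@ hunk has no bug number, unlike the numbered bug references on the vlc, miredo and tdiary lines, so the entry cannot be traced back to the report. Replace "bug filed" with the bug number once it is assigned, and add an urgency as on the vlc and tdiary lines.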