Author: stef-guest Date: 2007-01-13 11:36:05 +0100 (Sat, 13 Jan 2007) New Revision: 5259 Modified: data/CVE/list Log: - phpmyadmin issues not in sarge - some fixups Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-12 21:59:24 UTC (rev 5258) +++ data/CVE/list 2007-01-13 10:36:05 UTC (rev 5259) @@ -15,9 +15,12 @@ CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...) NOT-FOR-US: Getahead CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin 4:2.9.1.1-2 (bug #406486; high) + - phpmyadmin 4:2.9.1.1-2 (bug #406486; low) + [sarge] - phpmyadmin <not-affected> (vulnerable code not present) CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...) - - phpmyadmin 4:2.9.1.1-2 (bug #406486; high) + - phpmyadmin 4:2.9.1.1-2 (bug #406486; low) + [sarge] - phpmyadmin <not-affected> (vulnerable code not present) + NOTE: duplicate of CVE-2006-6374? CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...) NOT-FOR-US: @lex CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...) @@ -33,7 +36,7 @@ CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...) NOT-FOR-US: Motionborg Web Real Estate CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...) - TODO: F5 + NOT-FOR-US: F5 CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...) NOT-FOR-US: MKPortal CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...) 
@@ -45,7 +48,7 @@ CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...) NOT-FOR-US: edit-x ecommerce CVE-2007-0189 (** DISPUTED ** ...) - TODO: RESERVED + TODO: check CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...) NOT-FOR-US: F5 CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...) @@ -88,11 +91,11 @@ CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...) NOT-FOR-US: Computer Associates (CA) CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...) - TODO: Computer Associates (CA) + NOT-FOR-US: Computer Associates (CA) CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...) NOT-FOR-US: PPC Search CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...) - TODO: FreeBSD + TODO: check FreeBSD CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...) NOT-FOR-US: Solaris CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...) @@ -104,7 +107,7 @@ CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...) NOT-FOR-US: HP all-in-one drivers CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...) - TODO: centericq + TODO: check centericq CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) - libgeoip1 <unfixed> (bug #406628; medium) CVE-2007-0158 
@@ -128,13 +131,13 @@ CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...) NOT-FOR-US: EMembersPro CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...) - TODO: OminiGroup + NOT-FOR-US: OminiGroup CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...) NOT-FOR-US: Cuyahoga CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...) - TODO: Fix and Chips + NOT-FOR-US: Fix and Chips CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...) - TODO: BinGoPHP + NOT-FOR-US: BinGoPHP CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...) NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...) @@ -1703,7 +1706,7 @@ NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - phpmyadmin <not-affected> (low; bug #404744) - [sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge) + [sarge] - phpmyadmin <not-affected> (doesn''t use sessions at all) [etch] - phpmyadmin <not-affected> (not exploitable with Etch''s php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
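Review bot: in the first hunk (@@ -15,9 +15,12 @@) the new line "NOTE: duplicate of CVE-2006-6374?" leaves an open question while this same commit records two incompatible states for the two entries: CVE-2007-0203 keeps "- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)" as fixed in unstable, whereas CVE-2006-6374 in the last hunk carries "- phpmyadmin <not-affected> (low; bug #404744)". If the duplicate is confirmed, one of those two unstable lines is wrong and the two bug numbers should be cross-referenced on both entries; if it is not a duplicate, the NOTE should say why rather than stay a question mark. The downgrade from "high" to "low" on both CVE-2007-0204 and CVE-2007-0203 also has no reason recorded beyond "some fixups" in the log; a one-line NOTE giving the rationale would help later triage.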
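Review bot: in the hunk at @@ -45,7 +48,7 @@, replacing "TODO: RESERVED" with "TODO: check" for CVE-2007-0189 drops the only information the old line carried without adding what is now to be checked; the CVE text shown on the same line is "** DISPUTED **", so the note should record that the entry is disputed and what decides it (e.g. "TODO: check, entry is disputed upstream"), otherwise the next editor has to rediscover why it is still pending.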
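Review bot: in the hunk at @@ -104,7 +107,7 @@, CVE-2007-0160 is a stack-based buffer overflow and the note already names centericq as the affected Debian package, yet the entry stays a bare "TODO: check centericq" with no package line. Compare the neighbouring CVE-2007-0159 entry, which carries "- libgeoip1 <unfixed> (bug #406628; medium)"; centericq should get the same kind of package line with a bug number and severity, or the note should say what is still unclear about it.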
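Review bot: in the hunk at @@ -128,13 +131,13 @@, the vendor name on the CVE-2007-0148 line is misspelled as "OminiGroup" in both the removed and the added line, while the CVE description two lines above reads "OmniGroup OmniWeb 5.5.1". Since the line is being rewritten anyway, make it "NOT-FOR-US: OmniGroup" so that searching the list for the vendor works.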
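Review bot: in the last hunk (@@ -1703,7 +1706,7 @@), the sarge line for CVE-2006-6374 changes from "<no-dsa> (CRLF not backportable to Sarge)" to "<not-affected> (doesn''t use sessions at all)", which is a reclassification from "vulnerable but not worth a DSA" to "not vulnerable", not a wording fixup, and deserves its own sentence in the log. The entry now gives two different reasons for non-exploitability, the new sarge annotation (no sessions) and the existing "NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+" used for etch; state on the sarge line whether the session argument holds independently of the PHP version in sarge, otherwise a reader cannot tell which argument the <not-affected> rests on. The doubled apostrophes in "doesn''t" and "Etch''s" look like an escaping artifact and should be checked in the stored file.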