Author: enerv-guest Date: 2007-01-19 15:22:39 +0100 (Fri, 19 Jan 2007) New Revision: 5302 Modified: data/CVE/list Log: some NFUs added. new gosa and phpmyadmin issue fixed. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-19 09:15:33 UTC (rev 5301) +++ data/CVE/list 2007-01-19 14:22:39 UTC (rev 5302) @@ -1,5 +1,5 @@ CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...) - TODO: check + NOT-FOR-US: Openads CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...) TODO: check CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...) @@ -15,15 +15,15 @@ CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...) TODO: check CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...) TODO: check CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...) TODO: check CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...) TODO: check CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...) @@ -39,33 +39,33 @@ CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...) TODO: check CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Apple WebKit CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...) - TODO: check + - phpmyadmin 4:2.9.1.1-2 (medium) CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...) - TODO: check + NOT-FOR-US: ThWboard CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...) TODO: check CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...) - TODO: check + NOT-FOR-US: BolinTech Dream FTP Server CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...) - TODO: check + NOT-FOR-US: KGB CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...) - TODO: check + NOT-FOR-US: Rixstep CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...) - TODO: check + NOT-FOR-US: Jax Petition Book CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...) - TODO: check + NOT-FOR-US: Outpost Firewall Pro CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...) - TODO: check + NOT-FOR-US: Outpost Firewall Pro CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...) TODO: check CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...) TODO: check CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...) - TODO: check + NOT-FOR-US: Ipswitch WS_FTP CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) TODO: check CVE-2007-0328 @@ -89,59 +89,61 @@ CVE-2007-0319 RESERVED CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...) - TODO: check + NOT-FOR-US: FileZilla CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...) - TODO: check + NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...) - TODO: check + NOT-FOR-US: FileZilla CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...) - TODO: check + NOT-FOR-US: Article System CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...) - TODO: check + - gosa 2.5.8-1 (medium) CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...) TODO: check CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...) - TODO: check + NOT-FOR-US: Texas Imperial Software WFTPD Pro Server CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...) - TODO: check + NOT-FOR-US: BMC Software CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...) TODO: check CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...) - TODO: check + NOT-FOR-US: Poplar Gedcom Viewer CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...) TODO: check CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...) - TODO: check + NOT-FOR-US: Digiappz CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...) - TODO: check + NOT-FOR-US: Okul Merkezi Portal CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...) - TODO: check + NOT-FOR-US: MiNT Haber Sistemi CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...) - TODO: check + NOT-FOR-US: Zina CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...) TODO: check CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...) - TODO: check + NOT-FOR-US: FdWeB CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...) - TODO: check + NOT-FOR-US: TLM CMS CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...) TODO: check CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) - TODO: check -CVE-2006-6943 (hpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...) - TODO: check + - phpmyadmin 4:2.9.1.1-2 (medium) +CVE-2006-6943 [phpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...] + - phpmyadmin 4:2.9.1.1-2 (medium) + NOTE: Fixed name in CVE. CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...) - TODO: check + - phpmyadmin 4:2.9.1.1-2 (medium) + NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer. CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: FreeWebshop CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...) - TODO: check + NOT-FOR-US: OWA CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Twilight Webserver CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...) NOT-FOR-US: Oracle CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)