Author: enerv-guest Date: 2007-01-23 21:46:15 +0100 (Tue, 23 Jan 2007) New Revision: 5334 Modified: data/CVE/list Log: some NFUs fixed. fixed wzdftpd and gxine issues. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-23 20:14:08 UTC (rev 5333) +++ data/CVE/list 2007-01-23 20:46:15 UTC (rev 5334) @@ -1,75 +1,75 @@ CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...) - TODO: check + NOT-FOR-US: T-Com Speedport CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...) - TODO: check + NOT-FOR-US AVM CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...) - TODO: check + NOT-FOR-US: Apple Mac OS CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...) - TODO: check + NOT-FOR-US: DivX Web Player CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...) - TODO: check + - wzdftpd 0.8.1-1 (medium) CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 improperly cleartext data in a ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...) - TODO: check + NOT-FOR-US: BEA CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...) - TODO: check + NOT-FOR-US: Poplar Gedcom Viewer CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...) - TODO: check + - gxine 0.5.8-2 (medium; bug #405876) CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...) TODO: check CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...) TODO: check CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...) - TODO: check + NOT-FOR-US: Easebay Resources CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...) - TODO: check + NOT-FOR-US: Easebay Resources CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...) - TODO: check + NOT-FOR-US: Easebay Resources CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...) - TODO: check + NOT-FOR-US: Easebay Resources CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) TODO: check CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...) @@ -83,9 +83,9 @@ CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...) TODO: check CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...) - TODO: check + NOT-FOR-US: NEC CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...) - TODO: check + NOT-FOR-US: NEC CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7] - wordpress 2.0.7 (bug #407116; unimportant) NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,