Author: stef-guest Date: 2007-01-24 19:02:39 +0100 (Wed, 24 Jan 2007) New Revision: 5344 Modified: data/CVE/list Log: - CVE-2007-0469: new RubyGems issue (low) - CVE-2007-0461: new dazuko issue - CVE-2007-0243: sun java issue already fixed - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-24 17:19:38 UTC (rev 5343) +++ data/CVE/list 2007-01-24 18:02:39 UTC (rev 5344) @@ -7,7 +7,7 @@ CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...) NOT-FOR-US: Sun Solaris CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...) - TODO: check + - libgems-ruby <unfixed> (low; bug #408299) CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...) NOT-FOR-US: Visual C++ CVE-2007-0467 @@ -23,7 +23,7 @@ CVE-2007-0462 RESERVED CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...) - TODO: check + - dazuko-source <unfixed> (bug #408300) CVE-2007-0460 (Buffer overflow in ulogd for SUSE Linux 9.3 up to 10.1, and possibly ...) TODO: check if ulogd is vulnerable in Debian. CVE-2007-0459 @@ -149,9 +149,9 @@ CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...) NOT-FOR-US: Easebay Resources CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...) - TODO: check + NOT-FOR-US: MisterSPa-forum CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...) TODO: check CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...) 
@@ -173,7 +173,7 @@ CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...) NOT-FOR-US: HP-UX CVE-2007-0395 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: ComVironment CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...) NOT-FOR-US: HP-UX CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...) 
@@ -181,37 +181,37 @@ CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...) NOT-FOR-US: IBM AIX CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...) - TODO: check + NOT-FOR-US: BitDefender CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...) - TODO: check + NOT-FOR-US: sabros.us CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...) - TODO: check + NOT-FOR-US: ArsDigita Community System CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...) - TODO: check + NOT-FOR-US: Joomla CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...) NOT-FOR-US: PostNuke CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...) NOT-FOR-US: PostNuke CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2007-0383 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: WDaemon CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...) - TODO: check + NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla! CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...) NOT-FOR-US: ATutor CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: DocMan CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...) - TODO: check + NOT-FOR-US: DocMan CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...) - TODO: check + NOT-FOR-US: DocMan CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...) 
NOT-FOR-US: Xoops CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...) - TODO: check + NOT-FOR-US: Virtuemart CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...) - joomla <not-affected> CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...) @@ -236,9 +236,9 @@ CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...) NOT-FOR-US: Maxum Rumpus CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...) - TODO: check + NOT-FOR-US: All In One Control Panel CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...) - TODO: check + NOT-FOR-US: nicecoder.com INDEXU CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...) TODO: check CVE-2007-XXXX [libjabber DoS] @@ -318,13 +318,13 @@ CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...) NOT-FOR-US: Outpost Firewall Pro CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...) - TODO: check + NOT-FOR-US: liens_dynamiques CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...) - TODO: check + NOT-FOR-US: liens_dynamiques CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...) NOT-FOR-US: Ipswitch WS_FTP CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) - TODO: check + NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery CVE-2007-0328 RESERVED CVE-2007-0327 
@@ -364,11 +364,11 @@ CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...) NOT-FOR-US: BMC Software CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...) NOT-FOR-US: Poplar Gedcom Viewer CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...) - TODO: check + NOT-FOR-US: Poplar Gedcom Viewer CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...) NOT-FOR-US: Digiappz CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...) @@ -386,7 +386,7 @@ CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...) NOT-FOR-US: Apple Mac OS CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...) - TODO: check + NOT-FOR-US: LunarPoll CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...) - phpmyadmin 4:2.9.1.1-2 (medium) CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...) @@ -516,7 +516,7 @@ CVE-2007-0244 RESERVED CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...) - TODO: check + - sun-java5 1.5.0-10-1 CVE-2007-0242 RESERVED CVE-2007-0241 
@@ -539,13 +539,13 @@ CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...) TODO: check CVE-2007-0232 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Jshop Server CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...) NOT-FOR-US: Movable Type CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...) - TODO: check + NOT-FOR-US: CS-Cart CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...) - TODO: check + TODO: check kfreebsd CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...) NOT-FOR-US: EIQ Networks Network Security Analyzer CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...) @@ -557,7 +557,7 @@ CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...) NOT-FOR-US: Shopping Cart CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...) - TODO: check + NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...) NOT-FOR-US: Oracle Application Server CVE-2007-0221 
@@ -861,21 +861,21 @@ CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...) NOT-FOR-US: Acunetix Web Vulnerability Scanner CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...) - TODO: check + NOT-FOR-US: EditTag CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...) - TODO: check + NOT-FOR-US: EditTag CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...) - TODO: check + NOT-FOR-US: Digger Solutions Intranet Open Source (IOS) CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...) NOT-FOR-US: Sun Java System Content Delivery Server CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...) NOT-FOR-US: PacketWise CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...) - TODO: check + NOT-FOR-US: createauction CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...) NOT-FOR-US: PocketPC CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
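Review bot: In hunk @@ -23,7, the new `dazuko-source <unfixed> (bug #408300)` line carries no severity tag, while the parallel `libgems-ruby <unfixed> (low; bug #408299)` line in hunk @@ -7,7 does; since both are opened as new Debian issues in this commit, give the dazuko entry a severity as well so the two unfixed items are triaged consistently.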
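Review bot: In hunk @@ -181,37, CVE-2007-0387 is marked `NOT-FOR-US: Joomla` even though the same region tracks a `joomla <not-affected>` entry for CVE-2007-0375, so "Joomla" cannot be both a tracked source package and a not-for-us product; since the description names the Weblinks component, follow the convention already used two entries later for CVE-2007-0382 (`NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!`) and name the component rather than Joomla itself, or use a `joomla <not-affected>` line if the core package is what was checked.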
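Review bot: In hunk @@ -364,11, the unchanged context line under CVE-2007-0308 reads `NOT-FOR-US: Poplar Gedcom Viewer` although that CVE's description names Plain Black WebGUI, and the hunk now adds the identical `NOT-FOR-US: Poplar Gedcom Viewer` line under CVE-2007-0307, whose description does match; the earlier annotation looks misplaced by one entry, so correct the CVE-2007-0308 line to WebGUI in this same commit rather than leaving a wrong product on record.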
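Review bot: In hunk @@ -516,7, the new `- sun-java5 1.5.0-10-1` line records the fixed version but no severity, unlike the RubyGems entry in this commit, and the description is a buffer overflow in the JDK/JRE; add a severity tag (and, if the tracker's NOTE convention is used, a pointer to the upstream advisory the fixed version was taken from) so the closed entry documents why it was judged already fixed, as the log message claims.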
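Review bot: In hunk @@ -557,7, CVE-2007-0223 is annotated `NOT-FOR-US: All In One Control Panel (AIOCP)` while hunk @@ -236,9 annotates CVE-2007-0365 for the same product as `NOT-FOR-US: All In One Control Panel`; pick one spelling for the product so that the two entries are found together when the list is searched.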
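Review bot: In hunk @@ -861,21, CVE-2007-0117 is marked `NOT-FOR-US: Mac OS` whereas the existing entry for CVE-2007-0299 in hunk @@ -386,7 uses `NOT-FOR-US: Apple Mac OS`; use the established `Apple Mac OS` form here for consistency with the rest of the list.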