Author: enerv-guest Date: 2007-01-27 21:11:54 +0100 (Sat, 27 Jan 2007) New Revision: 5358 Modified: data/CVE/list Log: some NFUs wordpress issue drupal CVEfied Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-27 20:00:39 UTC (rev 5357) +++ data/CVE/list 2007-01-27 20:11:54 UTC (rev 5358) @@ -94,7 +94,7 @@ CVE-2007-0436 RESERVED CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...) - TODO: check + NOT-FOR-US: siteframe CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...) NOT-FOR-US: T-Com Speedport CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...) @@ -172,13 +172,13 @@ CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in MisterSP ...) NOT-FOR-US: MisterSPa-forum CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...) - TODO: check + NOT-FOR-US: Odysseus Blog CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...) - TODO: check + NOT-FOR-US: Conti FtpServer CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...) - TODO: check + NOT-FOR-US: Conti FtpServer CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...) - TODO: check + NOT-FOR-US: JVN CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...) NOT-FOR-US: NEC CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...) @@ -261,7 +261,7 @@ CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...) NOT-FOR-US: nicecoder.com INDEXU CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2007-XXXX [libjabber DoS] - centericq 4.21.0-18 (bug #406982) CVE-2007-XXXX [python-django flup/FastCGI/debugging issue] 
@@ -554,7 +554,7 @@ CVE-2007-0234 REJECTED CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...) - TODO: check + - wordpress 2.1.0-1 (medium) CVE-2007-0232 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Jshop Server CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...) @@ -874,7 +874,7 @@ CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...) NOT-FOR-US: Kaspersky Labs CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...) - TODO: check + - drupal 4.7.5-1 (low) CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...) NOT-FOR-US: Uber Uploader CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...) @@ -902,9 +902,9 @@ CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...) NOT-FOR-US: PocketPC CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...) - TODO: check + NOT-FOR-US: Novell Access Manager CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...) - TODO: check + - wordpress <not-affected> CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...) NOT-FOR-US: Novell Client CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...) 
@@ -924,17 +924,17 @@ CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...) NOT-FOR-US: Acrobat Reader CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...) - TODO: check + NOT-FOR-US: SPINE CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...) - TODO: check + NOT-FOR-US: Perforce CVE-2007-0099 (Race condition in the msxml3 module in Microsoft Internet Explorer 6 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...) - TODO: check + NOT-FOR-US: VerliAdmin CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...) - TODO: check + NOT-FOR-US: ConeXware PowerArchive CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...) TODO: check CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...) @@ -1061,7 +1061,7 @@ CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...) TODO: check CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...) - TODO: check + NOT-FOR-US: SPINE CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...) TODO: check CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...) @@ -1145,9 +1145,6 @@ CVE-2007-XXXX [drupal XSS] - drupal 4.7.5-1 (low) NOTE: DRUPAL-SA-2007-001 -CVE-2007-XXXX [drupal DoS] - - drupal 4.7.5-1 (low) - NOTE: DRUPAL-SA-2007-002 CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...) - wordpress 2.0.6-1 (bug #405691; medium) NOTE: http://www.hardened-php.net/advisory_022007.141.html
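Review bot: In the @@ -172,13 hunk, the tag added for CVE-2006-6948 is "NOT-FOR-US: JVN", but the description on that entry names the affected software as "MyODBC Japanese conversion edition". The other tags added in this hunk name the product (Odysseus Blog, Conti FtpServer), so the tag here should name the product too, for example "NOT-FOR-US: MyODBC Japanese conversion edition". As it stands, a later search of the list for MyODBC will not show that the entry was triaged.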
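Review bot: In the @@ -554,7 hunk, CVE-2007-0233 is recorded as fixed in "wordpress 2.1.0-1 (medium)" with no bug number and no NOTE. The CVE-2007-0106 entry visible at the end of this patch carries both a bug reference and an advisory URL. Adding a NOTE here with the source for the fixed version would let the next person verify the claim without redoing the triage.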
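Review bot: In the @@ -902,9 hunk, CVE-2007-0109 is set to "- wordpress <not-affected>" without a NOTE giving the reason. The description says wp-login.php in WordPress 2.0.5 and earlier is affected, so a reader cannot tell whether the tag means the vulnerable versions were never shipped or that the behaviour was judged not to be an issue. A one-line NOTE stating which would make the entry auditable.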
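Review bot: In the @@ -1145,9 hunk, removing the "CVE-2007-XXXX [drupal DoS]" placeholder also removes "NOTE: DRUPAL-SA-2007-002", and the CVE-2007-0124 entry added in the @@ -874,7 hunk has only "- drupal 4.7.5-1 (low)". If CVE-2007-0124 is the assignment for that placeholder, as the log message "drupal CVEfied" suggests, the NOTE line should be carried over to the CVE-2007-0124 entry so the link to the upstream advisory is not lost. The visible description of CVE-2007-0124 is truncated at "Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...", so the mapping cannot be confirmed from the patch alone and is worth stating in the log or a NOTE.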