Author: keescook-guest
Date: 2007-01-30 22:00:21 +0100 (Tue, 30 Jan 2007)
New Revision: 5388
Modified:
data/CVE/list
Log:
marking NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-01-30 13:15:15 UTC (rev 5387)
+++ data/CVE/list 2007-01-30 21:00:21 UTC (rev 5388)
@@ -1,35 +1,35 @@
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains
the ...)
- TODO: check
+ NOT-FOR-US: rPath
CVE-2007-0556
RESERVED
CVE-2007-0555
RESERVED
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting
System ...)
- TODO: check
+ NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in
index.inc.php ...)
- TODO: check
+ NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in
cmsimple/cms.php ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in
212cafeBoard ...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in
212cafeBoard ...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM
4.3 and ...)
- TODO: check
+ NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web
root ...)
- TODO: check
+ NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web
root ...)
- TODO: check
+ NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB
(aka ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the
web ...)
- TODO: check
+ NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe
...)
- TODO: check
+ NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of
...)
- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service
...)
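Review bot: The added tag for CVE-2007-0544 reads `NOT-FOR-US: MyBulletinBoard)` with a stray closing parenthesis; drop it so the line matches the `NOT-FOR-US: <name>` form of the other entries. Also, CVE-2007-0550 and CVE-2007-0549 are described as 212cafeBoard issues (search.php, list3.php) but get the same `212cafe Guestbook` tag as CVE-2007-0542. If the board and the guestbook are separate products, tag the two board entries as 212cafeBoard.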
@@ -37,33 +37,33 @@
CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial
of ...)
- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Telligent
CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which
allows ...)
TODO: check
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
- TODO: check
+ NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and
possibly ...)
- TODO: check
+ NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1)
Project ...)
TODO: check
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi
and ...)
- TODO: check
+ NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive
...)
- TODO: check
+ NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in
...)
- TODO: check
+ NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the
...)
- TODO: check
+ NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality
Communications ...)
- TODO: check
+ NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in class.login.php in Website Baker
2.6.5 ...)
- TODO: check
+ NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver
1.3.1 ...)
- TODO: check
+ NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web
server ...)
- TODO: check
+ NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a
denial ...)
NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of
...)
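Review bot: For CVE-2007-0533 the tag `NOT-FOR-US: Borland Delphi` names the platform, while the description places the flaw in the AToZed IntraWeb component; tagging it IntraWeb would let a search on the affected product find the entry. The same applies to `NOT-FOR-US: Uploader` on CVE-2007-0532, where the description's "php-uploader" alias is more specific than the generic word.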
@@ -73,29 +73,30 @@
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers
to ...)
NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS)
1.x ...)
- TODO: check
+ NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U
...)
- TODO: check
+ NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive
...)
- TODO: check
+ NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information
under the ...)
- TODO: check
+ NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users
with ...)
- TODO: check
+ NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted
...)
TODO: check
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple
...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and
...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K,
and ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM
...)
- TODO: check
+ NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3)
...)
- TODO: check
+ - awffull <unfixed> (unimportant)
+ NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2
have ...)
- TODO: check
+ NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal
before ...)
TODO: check
CVE-2007-0506 (The project_issue_access function in the Project issue tracking
4.7.0 ...)
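Review bot: The new CVE-2007-0510 entry rates awffull `<unfixed> (unimportant)` on a NOTE that says only that this "appears to be a bug without a vulnerability vector", while the description reports multiple buffer overflows in graphs.c and output.c. Suggest the NOTE record what was checked, that is, which input reaches those buffers and why it is not attacker-controlled, so the rating can be revisited later.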
@@ -103,41 +104,41 @@
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue
tracking ...)
TODO: check
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0,
and ...)
- TODO: check
+ NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and
9 ...)
- TODO: check
+ NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02
allows ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia
Scum ...)
- TODO: check
+ NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php
in ...)
- TODO: check
+ NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan
Kim ...)
- TODO: check
+ NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach
2.1 beta ...)
- TODO: check
+ NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in
...)
- TODO: check
+ NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon
Labs ...)
- TODO: check
+ NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in
include/config.inc.php in ...)
- TODO: check
+ NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in
webSPELL ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING
...)
NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain
...)
NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on
the ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in
FreeForum ...)
NOT-FOR-US: FreeForum
CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads
(aka ...)
NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in
WebChat 0.77 ...)
- TODO: check
+ NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow
remote ...)
NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in
Enthusiast 3.1 ...)
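Review bot: Several tags added in this hunk do not match the product named in the visible part of the description: CVE-2007-0501 is "index.php in Mafia Scum ..." but tagged `Advanced Random Generators`, CVE-2007-0485 is "WebChat 0.77" but tagged `Webdev`, and CVE-2007-0496 is "Neon Labs" but tagged `Neon Lab`. The descriptions are truncated, so a tag may come from the elided part; where it does not, use the product name from the description so a later search on that name finds the entry.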
@@ -155,7 +156,7 @@
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before
2.3.31 (aka ...)
NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before
2.1.30-r10, ...)
- TODO: check
+ - openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475
RESERVED
CVE-2007-0474
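Review bot: `- openldap2 <not-affected> (Gentoo packaging bug)` on CVE-2007-0476 states the conclusion without the check behind it. The description concerns the gencert.sh script run at install time, so a NOTE line saying whether that script is present in the openldap2 package would make the not-affected status verifiable.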
@@ -279,7 +280,7 @@
CVE-2007-0445
RESERVED
CVE-2007-0444 (Stack-based buffer overflow in the print provider library
(cpprov.dll) ...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2007-0443
RESERVED
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has
unknown ...)
@@ -507,6 +508,7 @@
RESERVED
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not
...)
TODO: check
+ NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5
source)
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21
allows ...)
NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2)
Keychain ...)
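Review bot: The added NOTE on CVE-2007-0347 bases its doubt on is_repository_file being absent from the 1.1.5 source, while the visible description names the is_eow function in format.c. State whether is_eow in 1.1.5 has the same flaw, and name the package that 1.1.5 refers to, since the entry stays at `TODO: check` with no package line.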
@@ -1422,7 +1424,7 @@
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1
and ...)
NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile
ActiveX control ...)
- TODO: check
+ NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the
cdio_log_handler ...)
{DSA-1252-1}
- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
@@ -11785,7 +11787,7 @@
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3
3.25 ...)
NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS
before ...)
- NOT-FOR-US: Webiste Banker
+ NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS
allow ...)