Author: keescook-guest
Date: 2007-02-01 21:14:24 +0100 (Thu, 01 Feb 2007)
New Revision: 5397
Modified: data/CVE/list
Log: NFSs, assigned CVE for chmlib, opened mpg123 bug, fixed up a typo

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-02-01 10:44:18 UTC (rev 5396)
+++ data/CVE/list 2007-02-01 20:14:24 UTC (rev 5397)
@@ -1,51 +1,51 @@ CVE-2007-0633 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: MyNews CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...) - TODO: check + NOT-FOR-US: ASP EDGE CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...) - TODO: check + NOT-FOR-US: Eclectic Designs CascadianFAQ CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...) - TODO: check + NOT-FOR-US: xNews CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...) - TODO: check + NOT-FOR-US: Plain Black WebGUI CVE-2007-0628 (Cross-site scripting (XSS) vulnerability in Sun Java System Access ...) - TODO: check + NOT-FOR-US: Sun Java System Access Manager CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...) - TODO: check + NOT-FOR-US: gtalkbot CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...) TODO: check CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...) - TODO: check + NOT-FOR-US: NoMachine NX Server CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...) - TODO: check + NOT-FOR-US: MAXdev MDPro CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...) - TODO: check + NOT-FOR-US: MAXdev MDPro CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBulletinBoard CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown impact ...) - TODO: check + NOT-FOR-US: Microsoft Word CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: FD Script CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...) 
- TODO: check + - chmlib 2:0.39-1 (bug #408603; medium) CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...) - TODO: check + NOT-FOR-US: Earthlink TotalAccess CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...) - TODO: check + NOT-FOR-US: zenphoto CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...) - TODO: check + NOT-FOR-US: Microsoft ActiveX CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...) - TODO: check + NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2007-0609 RESERVED CVE-2007-0608 
@@ -57,101 +57,101 @@ CVE-2007-0605 RESERVED CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) - TODO: check + NOT-FOR-US: Movable Type CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...) - TODO: check + NOT-FOR-US: PGP Desktop CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro AntiVirus CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...) - TODO: check + NOT-FOR-US: makit news CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script allows ...) - TODO: check + NOT-FOR-US: high5 Review CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Siteman CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Siteman CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...) - TODO: check + NOT-FOR-US: EzDatabase CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...) - TODO: check + NOT-FOR-US: VirtualPath CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...) 
- TODO: check + NOT-FOR-US: Forum Livre CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Forum Livre CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0587 RESERVED CVE-2007-0586 RESERVED CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...) - TODO: check + NOT-FOR-US: Webfwlog CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...) - TODO: check + NOT-FOR-US: PhP Generic CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...) - TODO: check + NOT-FOR-US: HTTP Commander CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...) - TODO: check + NOT-FOR-US: ChernobiLe CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...) - TODO: check + NOT-FOR-US: EclipseBB CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...) - TODO: check + NOT-FOR-US: Foro Domus CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...) - TODO: check + NOT-FOR-US: Horde Groupware CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...) - TODO: check + - mpg123 <unfixed> (bug #409296; low) CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...) - TODO: check + NOT-FOR-US: ACGVclick CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...) - TODO: check + NOT-FOR-US: Xt-Stats CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...) - TODO: check + NOT-FOR-US: ASPCode.net AdMentor CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...) 
- TODO: check + NOT-FOR-US: SpoonLabs Vivvo Article Management CMS CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...) - TODO: check + NOT-FOR-US: nsGalPHP CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...) - TODO: check + NOT-FOR-US: Drunken:Golem Gaming Portal CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...) - TODO: check + NOT-FOR-US: phpMyReports CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...) - TODO: check + NOT-FOR-US: Ad Fundum Integratable News Script CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...) - TODO: check + NOT-FOR-US: xNews CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...) - TODO: check + NOT-FOR-US: MyPHPCommander CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...) - TODO: check + NOT-FOR-US: Interactive-Scripts.Com CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...) - TODO: check + NOT-FOR-US: ASP NEWS CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...) - TODO: check + NOT-FOR-US: CGI RESCUE CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...) - TODO: check + NOT-FOR-US: Windows Explorer CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...) - TODO: check + NOT-FOR-US: Xero Portal CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...) - TODO: check + NOT-FOR-US: ASP EDGE CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...) 
- TODO: check + NOT-FOR-US: RPW CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...) - TODO: check + NOT-FOR-US: vHostAdmin CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...) NOT-FOR-US: rPath CVE-2007-0556 @@ -179,7 +179,7 @@ CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...) NOT-FOR-US: Maxtricity Tagger CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...) - NOT-FOR-US: MyBulletinBoard) + NOT-FOR-US: MyBulletinBoard CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...) NOT-FOR-US: ZixForum CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...) @@ -357,8 +357,6 @@ - bbclone <unfixed> (bug #408839; medium) CVE-2007-XXXX [hinfo code injection] - hinfo 1.02-3.1 (bug #402316) -CVE-2007-XXXX [unsafe alloca() call in chmlib] - - chmlib 2:0.39-1 (bug #408603; medium) CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...) {DSA-1254-1} - bind9 1:9.3.4-2 (medium; bug #408432) @@ -384,7 +382,7 @@ CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...) TODO: check CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...) - TODO: check + NOT-FOR-US: Telestream CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...) TODO: check CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
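Review bot: In the @@ -1,51 +1,51 @@ hunk, CVE-2007-0626 (comment_form_add_preview in Drupal's comment.module) is the only described entry still left at `TODO: check` while every neighbour is triaged, and the log message does not mention it. If it was skipped on purpose, add a NOTE line under it saying what is still pending so the next pass does not read it as overlooked. The NOT-FOR-US labels in the same hunk also mix vendor names (`Apple`, `Hitachi`) with product names (`Microsoft Word`, `Microsoft ActiveX`); settling on one granularity would keep the list consistent.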
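Review bot: In the @@ -57,101 +57,101 @@ hunk, CVE-2007-0579 is closed as `NOT-FOR-US: Horde Groupware` although its description places the flaw in the calendar component; confirm that component is not tracked under its own package name before closing it on the suite name alone. On the new `- mpg123 <unfixed> (bug #409296; low)` line, the description already says "mpg123 before 0.64", so a NOTE recording 0.64 as the upstream fixed version would save whoever resolves the bug a lookup.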
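Review bot: In the @@ -357,8 +357,6 @@ hunk, deleting the `CVE-2007-XXXX [unsafe alloca() call in chmlib]` placeholder removes the only text in the list that names the cause of the chmlib issue, because the CVE-2007-0619 description in the first hunk is truncated before it gets that far. Carrying `- chmlib 2:0.39-1 (bug #408603; medium)` over unchanged is right; consider adding a NOTE under CVE-2007-0619 that keeps the alloca() detail.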
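Review bot: In the @@ -384,7 +382,7 @@ hunk, CVE-2007-0466 is triaged but the Apple Mac OS X entries on either side of it (CVE-2007-0467 crashdump and CVE-2007-0465 Apple Installer) stay at `TODO: check`, while the earlier hunks in this same commit mark Apple issues as `NOT-FOR-US: Apple`. Either triage those two the same way here or leave a note on why they are handled differently.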