Author: keescook-guest
Date: 2007-02-14 00:52:07 +0100 (Wed, 14 Feb 2007)
New Revision: 5455

Modified:
   data/CVE/list
Log:
NFUs, joomla, stlport5

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-13 22:22:42 UTC (rev 5454) +++ data/CVE/list 2007-02-13 23:52:07 UTC (rev 5455) 
@@ -53,41 +53,41 @@ CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...) TODO: check CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Tiny FTPd CVE-2006-7006 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Somery CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...) - TODO: check + NOT-FOR-US: PSY Auction CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...) - TODO: check + NOT-FOR-US: PSY Auction CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...) - TODO: check + NOT-FOR-US: Fusion Polls CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...) - TODO: check + NOT-FOR-US: PhpMyChat Plus CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...) - TODO: check + NOT-FOR-US: DeskPRO CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...) - TODO: check + NOT-FOR-US: DeskPRO CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...) - TODO: check + NOT-FOR-US: DeskPRO CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...) - TODO: check + NOT-FOR-US: MailEnable CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...) 
- TODO: check + NOT-FOR-US: warforge.NEWS CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...) - TODO: check + NOT-FOR-US: V3 Chat CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...) - TODO: check + NOT-FOR-US: OzzyWork Gallery CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...) - TODO: check + NOT-FOR-US: Neuron Blog CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...) - kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian) CVE-2007-XXXX [dokuwiki conf directory accessible by web users] 
@@ -117,25 +117,25 @@ CVE-2007-0859 RESERVED CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) - TODO: check + NOT-FOR-US: GoSuRF Browser CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...) - TODO: check + NOT-FOR-US: Fast Browser Pro CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...) - TODO: check + NOT-FOR-US: Enigma Browser CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...) - TODO: check + NOT-FOR-US: NetCaptor CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...) - TODO: check + NOT-FOR-US: Slim Browser CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...) - TODO: check + NOT-FOR-US: FineBrowser Freeware CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...) - TODO: check + NOT-FOR-US: PhaseOut CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...) - TODO: check + NOT-FOR-US: Maxthon CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...) - TODO: check + NOT-FOR-US: GreenBrowser CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...) - TODO: check + NOT-FOR-US: MYweb4net Browser CVE-2007-XXXX [Firefox-sage XSS] - firefox-sage <unfixed> NOTE: http://secunia.com/advisories/24086/ @@ -263,7 +263,7 @@ CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...) TODO: check CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...) - TODO: check + - stlport5 <unfixed> (bug #410864; low) CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) TODO: check CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) 
@@ -271,15 +271,15 @@ CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) TODO: check CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...) - TODO: check + NOT-FOR-US: Ublog Reload CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...) - TODO: check + NOT-FOR-US: Ublog Reload CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...) - TODO: check + NOT-FOR-US: SMA-DB CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...) - TODO: check + NOT-FOR-US: WinProxy CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...) - TODO: check + NOT-FOR-US: Wap Portal Server CVE-2007-0794 (** DISPUTED ** ...) NOT-FOR-US: GlobalMegaCorp dvddb CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...) @@ -339,6 +339,7 @@ NOT-FOR-US: 3proxy CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...) TODO: check + NOTE: This seems to only be a crash. Needs further investigation. CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...) - amarok <unfixed> (bug #410850; medium) CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) @@ -1102,7 +1103,7 @@ CVE-2007-0447 RESERVED CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...) - TODO: check + NOT-FOR-US: HP Mercury CVE-2007-0445 RESERVED CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
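Review bot: In the @@ -53,41 +53,41 @@ hunk, the three Joomla! entries (CVE-2006-7010, CVE-2006-7009, CVE-2006-7008) are tagged "- joomla <itp> (bug #326398)" without recording the version that fixes them. All three descriptions say "before 1.0.10", so a NOTE line stating that any eventual upload must be at least 1.0.10 would save whoever closes the ITP from re-reading the advisories.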
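Review bot: In the @@ -263,7 +263,7 @@ hunk, CVE-2007-0803 is tracked as "- stlport5 <unfixed> (bug #410864; low)" although its description reads "Multiple buffer overflows in STLport before 5.0.3 allow remote ...". A low urgency for overflows described as remotely triggerable needs a NOTE line giving the reasoning, otherwise later readers cannot tell whether the rating was deliberate. The description covers STLport before 5.0.3 in general, so the entry should also say whether stlport5 is the only source package that carries the affected code.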
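Review bot: In the @@ -339,6 +339,7 @@ hunk, the NOTE added under CVE-2006-6980 ("This seems to only be a crash. Needs further investigation.") gives no source for the crash-only assessment. State what it is based on (advisory text, upstream changelog or a code read), and since the next entry, CVE-2006-6979, is already tracked against amarok with bug #410850, say whether that bug report also covers this issue. The commit log "NFUs, joomla, stlport5" also does not mention this Amarok change, which makes it harder to find later from the revision history.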