Author: keescook-guest
Date: 2007-02-14 01:43:08 +0100 (Wed, 14 Feb 2007)
New Revision: 5456
Modified: data/CVE/list
Log: NFUs, various not-affected
Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-13 23:52:07 UTC (rev 5455) +++ data/CVE/list 2007-02-14 00:43:08 UTC (rev 5456) 
@@ -3,55 +3,56 @@ NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318 NOTE: CVE assignment being pursued by ASF procedure CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...) - TODO: check + - mediawiki <unfixed> (unimportant) + NOTE: Only path disclosure CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...) - TODO: check + NOT-FOR-US: phpMyVisites CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...) - TODO: check + NOT-FOR-US: phpMyVisites CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...) - TODO: check + NOT-FOR-US: phpMyVisites CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...) - TODO: check + NOT-FOR-US: cPanel CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible ...) - TODO: check + NOT-FOR-US: Kiwi CatTools CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...) - TODO: check + NOT-FOR-US: Kiwi CatTools CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...) - TODO: check + NOT-FOR-US: Axigen CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...) - TODO: check + NOT-FOR-US: Axigen CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Rainbow.Zen CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...) - TODO: check + - mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable) CVE-2007-0883 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: IP3 NetAccess CVE-2007-0882 (The telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and ...) 
- TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...) - TODO: check + NOT-FOR-US: OPENi-CMS CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Capital Request Forms CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...) - TODO: check + NOT-FOR-US: PEBrowse CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...) TODO: check CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...) - TODO: check + NOT-FOR-US: March Networks DVR CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...) - TODO: check + NOT-FOR-US: Quick Digital Image Gallery CVE-2007-0875 (SQL injection vulnerability in install.php in mcRefer allows remote ...) - TODO: check + NOT-FOR-US: mcRefer CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: Allons_voter CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: nabopoll CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...) - TODO: check + NOT-FOR-US: Plain Old Webserver CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...) - TODO: check + NOT-FOR-US: eXtreme File Hosting CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) - joomla <itp> (bug #326398) CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) 
@@ -95,25 +96,25 @@ CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...) TODO: check CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...) - TODO: check + NOT-FOR-US: Yahoo! Messenger CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...) - TODO: check + NOT-FOR-US: Site-Assistant CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...) - TODO: check + NOT-FOR-US: HP OpenView CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...) - TODO: check + NOT-FOR-US: LushiWarPlaner CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...) - TODO: check + NOT-FOR-US: LushiWarPlaner CVE-2007-0863 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Trevorchan CVE-2007-0862 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: gnopaste CVE-2007-0861 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpCOIN CVE-2007-0860 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: local Calendar System CVE-2007-0859 RESERVED CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...) 
@@ -165,71 +166,71 @@ CVE-2007-0854 (Remote file inclusion vulnerability in objcache in cPanel WebHost ...) NOT-FOR-US: cPanel WebHost Manager CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...) - TODO: check + NOT-FOR-US: DevTrack CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...) - TODO: check + NOT-FOR-US: DevTrack CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300, before ...) NOT-FOR-US: Trend Micro Scan Engine CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...) - TODO: check + NOT-FOR-US: SysCP CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...) - TODO: check + NOT-FOR-US: SysCP CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...) - TODO: check + NOT-FOR-US: Maian Recipe CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...) - TODO: check + NOT-FOR-US: Open Tibia Server CMS CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...) - TODO: check + NOT-FOR-US: Open Tibia Server CMS CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...) - TODO: check + NOT-FOR-US: Advanced Poll CVE-2007-0843 RESERVED CVE-2007-0842 RESERVED CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...) - TODO: check + NOT-FOR-US: vbDrupal CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...) - TODO: check + NOT-FOR-US: HLstats CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...) - TODO: check + NOT-FOR-US: WebMatic CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...) - TODO: check + NOT-FOR-US: FreeProxy CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...) 
- TODO: check + NOT-FOR-US: AgerMenu CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...) - TODO: check + NOT-FOR-US: FlashChat CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the "Enable copy and paste to and ...) - TODO: check + NOT-FOR-US: VMware CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...) - TODO: check + NOT-FOR-US: VMware CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...) - TODO: check + NOT-FOR-US: Atsphp CVE-2007-0830 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...) - TODO: check + NOT-FOR-US: avast! CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...) - TODO: check + NOT-FOR-US: MySQLNewsEngine CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...) NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...) - TODO: check + NOT-FOR-US: Kisisel Site CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...) - TODO: check + NOT-FOR-US: FlashFXP CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...) - TODO: check + NOT-FOR-US: LightRO CMS CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...) - TODO: check + - xterm <not-affected> (Not a security problem) CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...) 
- TODO: check + - mount <not-affected> (Not a security problem) CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...) - TODO: check + NOT-FOR-US: PortailPhp CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...) - TODO: check + NOT-FOR-US: PortailPhp CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50 assigns Everyone ...) NOT-FOR-US: HP Network Node Manager CVE-2007-0818 
@@ -239,29 +240,29 @@ CVE-2007-0816 (CA RPC Server service (catirpc.exe) for BrightStor ARCserve Backup ...) NOT-FOR-US: (CA) BrightStor CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...) - TODO: check + NOT-FOR-US: Uphotogallery CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin''s ASP ...) - TODO: check + NOT-FOR-US: ASP Chat CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...) - TODO: check + NOT-FOR-US: MySearchEngine CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...) TODO: check CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...) - TODO: check + NOT-FOR-US: GeekLog CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...) - TODO: check + NOT-FOR-US: Categories Hierarchy CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...) - TODO: check + NOT-FOR-US: Mina Ajans Script CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...) - TODO: check + NOT-FOR-US: flashChat CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...) - TODO: check + NOT-FOR-US: Les News CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...) NOT-FOR-US: HP Tru64 UNIX CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...) - TODO: check + NOT-FOR-US: GGCMS CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...) - stlport5 <unfixed> (bug #410864; low) CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
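Review bot: in the hunk at @@ -3,55 +3,56 @@, the CVE-2007-0884 entry marks mimedefang <not-affected> with the reason "Only versions 2.59 and 2.60 vulnerable" but does not record which mimedefang version the archive carries, so the conclusion cannot be checked from the entry itself. Suggest naming the shipped version(s) in the parenthetical or in a NOTE line, as was done for the mediawiki entry above it ("NOTE: Only path disclosure"). Separately, CVE-2007-0878 (Microsoft Internet Explorer) stays at TODO: check in this hunk while the vendor-only entries around it were resolved; if that was not deliberate, it is worth closing in the same pass.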
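Review bot: in the hunk at @@ -95,25 +96,25 @@, CVE-2007-0865 is described as a SQL injection in comments.php in LushiNews 1.01, but the added line reads NOT-FOR-US: LushiWarPlaner, the same product name given to CVE-2007-0864 on the next entry. This looks like a copy-paste slip; suggest NOT-FOR-US: LushiNews so a search on the product name finds the right entry. The four ** DISPUTED ** entries (CVE-2007-0863 through CVE-2007-0860) have their descriptions elided in the list, so the product names assigned to them cannot be confirmed from the diff alone.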
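Review bot: in the hunk at @@ -165,71 +166,71 @@, CVE-2007-0823 (xterm) and CVE-2007-0822 (umount) are both closed as <not-affected> with only "Not a security problem" as the reason, which does not say why. Both descriptions refer to Slackware Linux; a NOTE line stating whether the behaviour is specific to that distribution or is simply judged harmless would let a later reader verify the decision instead of re-triaging it.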
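Review bot: in the hunk at @@ -239,29 +240,29 @@, CVE-2007-0807 is tagged NOT-FOR-US: flashChat while CVE-2007-0834 in the previous hunk uses NOT-FOR-US: FlashChat; pick one spelling so a case-sensitive search over the list catches both entries. CVE-2007-0811 (Microsoft Internet Explorer) is also left at TODO: check here, the same pattern as CVE-2007-0878 and CVE-2007-0870 earlier in the patch.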