Author: keescook-guest Date: 2007-02-15 02:51:05 +0100 (Thu, 15 Feb 2007) New Revision: 5460 Modified: data/CVE/list Log: NFUs, php5 & iceweasel open, ejabberd & firefox-sage fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-14 08:14:14 UTC (rev 5459) +++ data/CVE/list 2007-02-15 01:51:05 UTC (rev 5460) @@ -1,29 +1,29 @@ CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...) - TODO: check + NOT-FOR-US: JPortal CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0910 (Unspecified vulnerability PHP before 5.2.1 allows attackers to ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0908 (The wddx extension in PHP before 5.2.1 allows remote attackers to ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...) - TODO: check + - php5 <unfixed> (bug #410561; medium) CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...) - TODO: check + NOT-FOR-US: LightRO CMS CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...) - TODO: check + - ejabberd 1.1.2-5 CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...) TODO: check CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...) TODO: check CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...) - TODO: check + NOT-FOR-US: TagIt! Tagboard CVE-2007-0899 RESERVED CVE-2007-0898 @@ -31,7 +31,7 @@ CVE-2007-0897 RESERVED CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...) - TODO: check + - firefox-sage 1.3.10-1 CVE-2007-0451 RESERVED - spamassassin 3.1.8 (bug #410843) @@ -300,11 +300,11 @@ CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...) - stlport5 <unfixed> (bug #410864; low) CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) - TODO: check + - iceweasel <unfixed> (low) CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) - TODO: check + - iceweasel <unfixed> (low) CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) - TODO: check + - iceweasel <unfixed> (medium) CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...) NOT-FOR-US: Ublog Reload CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)