Author: keescook-guest
Date: 2007-02-28 20:10:35 +0100 (Wed, 28 Feb 2007)
New Revision: 5494
Modified: data/CVE/list
Log: NFUs, iceweasel, tor, typo3, dcc, kernel issues

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-28 08:14:13 UTC (rev 5493) +++ data/CVE/list 2007-02-28 19:10:35 UTC (rev 5494) 
@@ -1,403 +1,403 @@ CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...) - TODO: check + NOT-FOR-US: Pyrophobia CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...) - TODO: check + NOT-FOR-US: Pagesetter CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: JBoss CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...) - TODO: check + NOT-FOR-US: JBrowser CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...) - TODO: check + NOT-FOR-US: Pyrophobia CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...) - TODO: check + NOT-FOR-US: LoveCMS CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...) - TODO: check + NOT-FOR-US: LoveCMS CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...) - TODO: check + NOT-FOR-US: LoveCMS CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...) - TODO: check + NOT-FOR-US: LoveCMS CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...) - TODO: check + NOT-FOR-US: hbm CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...) - TODO: check + NOT-FOR-US: arabhost CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) 
- TODO: check + NOT-FOR-US: Kayako SupportSuite CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...) - TODO: check + NOT-FOR-US: J-Web Pics Navigator CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...) - TODO: check + NOT-FOR-US: J-Web Pics Navigator CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...) - TODO: check + NOT-FOR-US: Magic News Plus CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...) - TODO: check + NOT-FOR-US: Magic News Plus CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...) - TODO: check + NOT-FOR-US: pheap CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...) - TODO: check + NOT-FOR-US: Simple Plantilla PHP CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...) - TODO: check + NOT-FOR-US: Simple Plantilla PHP CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...) - TODO: check + NOT-FOR-US: Putmail CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...) - TODO: check + NOT-FOR-US: WebMplayer CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...) - TODO: check + NOT-FOR-US: WebMplayer CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...) - TODO: check + NOT-FOR-US: Watchtower CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...) - TODO: check + NOT-FOR-US: FCRing CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in MTCMS 2.2 allow ...) - TODO: check + NOT-FOR-US: MTCMS CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...) - TODO: check + NOT-FOR-US: Sinapis Forum CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...) 
- TODO: check + NOT-FOR-US: Sinapis Gastebuch CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...) - TODO: check + NOT-FOR-US: MTCMS CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: shopkitplus CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...) - TODO: check + NOT-FOR-US: shopkitplus CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...) - TODO: check + NOT-FOR-US: xtcommerce CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...) - TODO: check + NOT-FOR-US: XeroXer Simple CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...) - TODO: check + NOT-FOR-US: XeroXer Simple CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...) - TODO: check + NOT-FOR-US: ZPanel CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...) - TODO: check + NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...) - TODO: check + NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...) - TODO: check + NOT-FOR-US: TeeChart Pro ActiveX control CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...) - TODO: check + NOT-FOR-US: Novell ZENworks CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...) - TODO: check + NOT-FOR-US: eFiction CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) 
- TODO: check + - iceweasel <unfixed> (medium) CVE-2007-1115 (The child frames in Opera 9 inherit the default charset from the ...) - TODO: check + NOT-FOR-US: Opera CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2007-1113 RESERVED CVE-2007-1112 RESERVED CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...) - TODO: check + NOT-FOR-US: ActiveCalendar CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...) - TODO: check + NOT-FOR-US: ActiveCalendar CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...) - TODO: check + NOT-FOR-US: Phpwebgallery CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...) - TODO: check + NOT-FOR-US: CS-Gallery CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1106 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: NoMoKeTos Rules CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...) - TODO: check + NOT-FOR-US: phpBB Extreme CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...) - TODO: check + NOT-FOR-US: PHP Module Implementation CVE-2007-1103 (Tor does not verify a node''s uptime and bandwidth advertisements, ...) - TODO: check + - tor <unfixed> (medium) CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Photostand CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...) - TODO: check + NOT-FOR-US: Photostand CVE-2007-1100 (Directory traversal vulnerability in download.php in Pickle allows ...) - TODO: check + NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) 
- TODO: check + NOT-FOR-US: Dropbear SSH CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) - TODO: check + NOT-FOR-US: ScryMUD CVE-2007-1097 (Unspecified vulnerability in the upload tool in Wiclear before 0.11.1 ...) - TODO: check + NOT-FOR-US: Wiclear CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...) - TODO: check + - iceweasel <unfixed> (medium) CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...) - TODO: check + NOT-FOR-US: Network Node Manager CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...) - TODO: check + - iceweasel 2.0.0.2+dfsg-1 (low) CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...) - TODO: check + NOT-FOR-US: Google Desktop CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...) 
- TODO: check + - iceweasel <unfixed> (medium) CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...) - TODO: check + NOT-FOR-US: ConfigChk ActiveX control CVE-2007-1082 (FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial ...) - TODO: check + NOT-FOR-US: FTP Explorer CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...) - TODO: check + - typo3 <unfixed> (low) CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...) - TODO: check + NOT-FOR-US: TurboFTP CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...) - TODO: check + NOT-FOR-US: FTP Voyager CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: FlashGameScript CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...) - TODO: check + NOT-FOR-US: UserPages2 CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...) - TODO: check + NOT-FOR-US: TurboFTP CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...) - TODO: check + NOT-FOR-US: NewsBin Pro CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...) - TODO: check + NOT-FOR-US: mcRefer CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...) - TODO: check + NOT-FOR-US: Cisco Unified IP Phone CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...) - TODO: check + NOT-FOR-US: Apple ImageIO CVE-2007-1069 RESERVED CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...) - TODO: check + NOT-FOR-US: Cisco Secure Services Client CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) 
- TODO: check + NOT-FOR-US: Cisco Secure Services Client CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - TODO: check + NOT-FOR-US: Cisco Secure Services Client CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - TODO: check + NOT-FOR-US: Cisco Secure Services Client CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...) - TODO: check + NOT-FOR-US: Cisco Secure Services Client CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...) - TODO: check + NOT-FOR-US: Cisco Unified IP Phone CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...) - TODO: check + NOT-FOR-US: Cisco Unified IP Conference Station CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...) - TODO: check + NOT-FOR-US: SendStudio CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...) - TODO: check + NOT-FOR-US: Ultimate Fun Book CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...) - TODO: check + NOT-FOR-US: Online Web Building CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...) - TODO: check + NOT-FOR-US: Nortel Application Switch CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...) - TODO: check + NOT-FOR-US: VMware CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...) TODO: check CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...) TODO: check CVE-2007-1053 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpXmms CVE-2007-1052 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PBLang CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...) 
- TODO: check + NOT-FOR-US: Comodo Firewall Pro CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: MyCalendar CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...) - TODO: check + NOT-FOR-US: phpbb_wordsearch CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...) - TODO: check + - dcc <unfixed> (medium) CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...) - TODO: check + NOT-FOR-US: Dem_trac CVE-2007-1045 (mAlbum 0.3 has default accunts (1) "login"/"pass" for its ...) - TODO: check + NOT-FOR-US: mAlbum CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...) - TODO: check + NOT-FOR-US: PowerSchool CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Ezboo CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...) - TODO: check + NOT-FOR-US: Xpression News CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News ...) - TODO: check + NOT-FOR-US: News Rover CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...) - TODO: check + NOT-FOR-US: Xpression News CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...) - TODO: check + NOT-FOR-US: Peanut Knowledge Base CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...) - TODO: check + NOT-FOR-US: Grabit CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...) - TODO: check + NOT-FOR-US: News File Grabber CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...) - TODO: check + NOT-FOR-US: Mambo LaiThai CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...) 
- TODO: check + NOT-FOR-US: Mambo LaiThai CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...) - TODO: check + NOT-FOR-US: Topsites FREE CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...) - TODO: check + NOT-FOR-US: phpBB Security CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...) - TODO: check + NOT-FOR-US: Ban CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...) - TODO: check + NOT-FOR-US: Simple PHP Forum CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...) - TODO: check + NOT-FOR-US: Dotdeb PHP CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...) - TODO: check + NOT-FOR-US: Hot Links CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Rigter Portal System CVE-2006-7084 (Directory traversal vulnerability in index.php in Rigter Portal System ...) - TODO: check + NOT-FOR-US: Rigter Portal System CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...) - TODO: check + NOT-FOR-US: Rigter Portal System CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Rigter Portal System CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...) - TODO: check + NOT-FOR-US: PhpNews CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...) - TODO: check + NOT-FOR-US: exV2 CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...) - TODO: check + NOT-FOR-US: exV2 CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...) - TODO: check + NOT-FOR-US: Professional Home Page Tools Login Script CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...) 
- TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...) - TODO: check + - aqualung 0.9~beta6-1 (medium) CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: SmartSiteCMS CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...) TODO: check CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...) - TODO: check + NOT-FOR-US: GeoClassifieds Enterprise CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-7070 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: Etomite CMS CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...) - TODO: check + NOT-FOR-US: Socketwiz Bookmarks CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...) - TODO: check + NOT-FOR-US: CliServ Web Community CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...) - TODO: check + NOT-FOR-US: TinyPHPforum CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...) 
- TODO: check + NOT-FOR-US: Kamgaing Email System CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...) - TODO: check + NOT-FOR-US: E-Dating System CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...) - TODO: check + NOT-FOR-US: E-Dating System CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...) - TODO: check + NOT-FOR-US: E-Dating System CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...) - TODO: check + NOT-FOR-US: Sphider CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...) - TODO: check + NOT-FOR-US: Sphider CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...) - TODO: check + NOT-FOR-US: HostAdmin CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...) - TODO: check + NOT-FOR-US: TotalCalendar CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...) - TODO: check + NOT-FOR-US: FAST360 UTM CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...) - TODO: check + NOT-FOR-US: FAST360 UTM CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...) - TODO: check + NOT-FOR-US: DotWidget CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...) - TODO: check + - linux-2.6 <unfixed> (medium) CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...) - TODO: check + NOT-FOR-US: WikkaWiki CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...) - TODO: check + NOT-FOR-US: WikkaWiki CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...) - TODO: check + NOT-FOR-US: Claroline CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...) 
- TODO: check + NOT-FOR-US: Shoutpro CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...) - TODO: check + NOT-FOR-US: Clan Manager Pro CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...) - TODO: check + NOT-FOR-US: Clan Manager Pro CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...) - TODO: check + NOT-FOR-US: Clan Manager Pro CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...) - TODO: check + NOT-FOR-US: Chipmunk CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...) - TODO: check + NOT-FOR-US: Chipmunk CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...) - TODO: check + NOT-FOR-US: MERCUR Messaging CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...) - TODO: check + NOT-FOR-US: MERCUR Messaging CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...) - TODO: check + NOT-FOR-US: MERCUR Messaging CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...) - TODO: check + NOT-FOR-US: MERCUR Messaging CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...) - TODO: check + NOT-FOR-US: MathCAD CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...) - TODO: check + NOT-FOR-US: Andy''s Chat CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...) - TODO: check + NOT-FOR-US: Super Link Exchange Script CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...) - TODO: check + NOT-FOR-US: Super Link Exchange Script CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...) - TODO: check + NOT-FOR-US: Super Link Exchange Script CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...) 
- TODO: check + NOT-FOR-US: FlashBB CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft IE CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...) - TODO: check + NOT-FOR-US: Microsoft ISA CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...) - TODO: check + NOT-FOR-US: Topsites PHP CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...) - TODO: check + NOT-FOR-US: Bookmark4U CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...) - TODO: check + NOT-FOR-US: CheckPoint Firewall CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...) - TODO: check + NOT-FOR-US: HP Tru64 UNIX CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...) TODO: check CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: SonicWALL CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: SafeNet VPN CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...) - TODO: check + NOT-FOR-US: PGPFreeware CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...) TODO: check CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...) 
- TODO: check + NOT-FOR-US: FreeBSD CVE-2007-XXXX [apache does not use setsid() to detach from controlling tty ] - apache <unfixed> (bug #357561) CVE-2007-XXXX [vserver patch allows renice of processes in different context] @@ -970,7 +970,7 @@ CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...) NOT-FOR-US: Advanced Poll CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...) NOT-FOR-US: Microsoft CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...) @@ -2222,9 +2222,9 @@ CVE-2007-0322 RESERVED CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...) - TODO: check + NOT-FOR-US: FLEXnet Connect CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...) - TODO: check + NOT-FOR-US: InstallFromTheWeb CVE-2007-0319 RESERVED CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...) @@ -3589,7 +3589,7 @@ CVE-2007-0002 RESERVED CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...) - TODO: check + - linux-2.6 <unfixed> CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...) NOT-FOR-US: Microsoft CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...)
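
Review bot: In the first hunk (@@ -1,403 +1,403 @@), the new "<unfixed>" entries for iceweasel (CVE-2007-1116, CVE-2007-1095, CVE-2007-1084), tor (CVE-2007-1103), typo3 (CVE-2007-1081), dcc (CVE-2007-1047) and linux-2.6 (CVE-2006-7051) carry no bug reference, unlike the existing "- apache <unfixed> (bug #357561)" entry at the end of the same hunk. Adding the bug number to each one would let every open item be tracked to closure. The hunk also leaves CVE-2007-1055, CVE-2007-1054, CVE-2006-7073, CVE-2004-2677 and CVE-2002-2223 at "TODO: check"; a short note on why they were skipped would help whoever triages next.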
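
Review bot: In the @@ -970,7 +970,7 @@ hunk, CVE-2007-0843 is tagged "NOT-FOR-US: Microsoft Windows" while the adjacent CVE-2007-0842 uses "NOT-FOR-US: Microsoft", and the first hunk of this commit uses "Microsoft IE", "Microsoft Office" and "Microsoft ISA". Settling on one naming scheme for this vendor's products would keep the list consistent and easier to search.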
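
Review bot: In the @@ -3589,7 +3589,7 @@ hunk, the line added for CVE-2007-0001, "- linux-2.6 <unfixed>", has no urgency, whereas every other package entry added in this commit has one, for example "- linux-2.6 <unfixed> (medium)" for CVE-2006-7051. Add the urgency here, or a note saying it has not been assessed yet, so the entry is not read as deliberately unrated.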