Author: keescook-guest
Date: 2007-03-26 21:35:48 +0000 (Mon, 26 Mar 2007)
New Revision: 5592

Modified: data/CVE/list

Log: NFUs: 38 unfixed: kdelibs php5 xmms

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-26 20:16:53 UTC (rev 5591) +++ data/CVE/list 2007-03-26 21:35:48 UTC (rev 5592) 
@@ -23,37 +23,37 @@ - php5 <unfixed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: FTPDMIN CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...) - TODO: check + NOT-FOR-US: MERCUR IMAPD CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...) - TODO: check + NOT-FOR-US: MERCUR IMAPD CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...) - TODO: check + NOT-FOR-US: GeBlog CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...) - TODO: check + NOT-FOR-US: PHProjekt CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...) - TODO: check + NOT-FOR-US: PHProjekt CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: CARE2X CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...) - TODO: check + NOT-FOR-US: JGBBS CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...) - TODO: check + NOT-FOR-US: Activist Mobilization Platform CVE-2007-1570 (SQL injection vulnerability in devami.asp in X-ice Haber Sistemi (aka ...) - TODO: check + NOT-FOR-US: Haber Sistemi CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...) - TODO: check + NOT-FOR-US: NewsBin Pro CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...) - TODO: check + NOT-FOR-US: NewsReactor CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...) NOT-FOR-US: WarFTPd CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...) 
- TODO: check + NOT-FOR-US: NetVIOS Portal CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...) - TODO: check + - kdelibs <unfixed> (unimportant) CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...) - kdelibs 4:3.5.5a.dfsg.1-7 CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...) @@ -69,23 +69,23 @@ CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...) NOT-FOR-US: F-Secure CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...) - TODO: check + NOT-FOR-US: Creative Files CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...) - TODO: check + NOT-FOR-US: Minerva module of phpBB CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...) - TODO: check + NOT-FOR-US: Guestbara CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Guestbara CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...) - TODO: check + NOT-FOR-US: MetaForum CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...) - TODO: check + NOT-FOR-US: phpx CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...) - TODO: check + NOT-FOR-US: phpx CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...) - TODO: check + NOT-FOR-US: phpx CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...) - TODO: check + NOT-FOR-US: Web Wiz Forums CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...) - nas 1.8-4 (low; bug #416038) CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...) 
@@ -103,7 +103,7 @@ CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...) - sql-ledger <unfixed> (bug #409703) CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...) - TODO: check + NOT-FOR-US: pragmaMX Landkarten CVE-2007-1538 (** DISPUTED ** ...) NOT-FOR-US: McAfee CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...) @@ -131,11 +131,11 @@ CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...) NOT-FOR-US: Microsoft CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...) - TODO: check + NOT-FOR-US: Sun Java System Web Server CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...) - TODO: check + NOT-FOR-US: Dayfox Blog CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...) - TODO: check + NOT-FOR-US: ZomPlog CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...) TODO: check CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...) 
@@ -143,19 +143,19 @@ CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...) - php5 <unfixed> CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...) - TODO: check + NOT-FOR-US: WSN Guest CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...) - TODO: check + NOT-FOR-US: Dimension module of phpBB CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...) - TODO: check + NOT-FOR-US: PHP-Stats CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...) - TODO: check + NOT-FOR-US: PHP-Stats CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...) TODO: check CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers ...) @@ -302,7 +302,7 @@ CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...) - php5 <unfixed> (medium) CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...) - TODO: check + - php5 <unfixed> CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...) NOT-FOR-US: GuppY CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...) 
@@ -438,7 +438,7 @@ CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...) NOT-FOR-US: FiSH IRC Encryption CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...) - TODO: check + - php5 <unfixed> CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...) - phpmyadmin <unfixed> (medium) CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...) @@ -607,7 +607,7 @@ CVE-2007-1314 RESERVED CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...) - TODO: check + NOT-FOR-US: NETxAutomation NETxEIB OPC Server CVE-2007-1312 RESERVED CVE-2007-1311 @@ -2576,9 +2576,9 @@ CVE-2007-0655 RESERVED CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...) - TODO: check + - xmms <unfixed> (low) CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...) - TODO: check + - xmms <unfixed> (low) CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...) NOT-FOR-US: MailEnable Professional CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...) @@ -2676,9 +2676,9 @@ CVE-2007-0608 RESERVED CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...) - TODO: check + NOT-FOR-US: Web-Agora CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: Web-Agora CVE-2007-0605 RESERVED CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) 
@@ -3301,7 +3301,7 @@ CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...) NOT-FOR-US: INDEXU CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...) - TODO: check + NOT-FOR-US: ActiveX control in InterActual Player CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...) TODO: check NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
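
Review bot: In the @@ -23,37 +23,37 @@ hunk, CVE-2007-1565 becomes "- kdelibs <unfixed> (unimportant)" with no NOTE giving the reason, while the php5 entry at the top of the same hunk justifies its unimportant rating with "NOTE: Only triggerable by malicious script". Add a NOTE line saying why the Konqueror denial of service is rated unimportant, so the rating can be re-checked later. In the same hunk, CVE-2007-1578 is tagged "NOT-FOR-US: MERCUR IMAPD", but its truncated description ("... in the NTLM implementation in ...") does not show the product; confirm the tag against the full description rather than against the CVE-2007-1579 entry directly above it.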
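
Review bot: In the @@ -143,19 +143,19 @@ hunk, CVE-2003-1322 (stack-based buffer overflows in Atrium MERCUR IMAPD) is left as "TODO: check" in the trailing context, although this same revision marks CVE-2007-1579 for the same product as "NOT-FOR-US: MERCUR IMAPD". Resolve it in the same pass so the two entries for one product do not carry different triage states.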
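
Review bot: In the @@ -438,7 +438,7 @@ hunk, CVE-2007-1396 is recorded only as "- php5 <unfixed>", but the description gives the affected range as "PHP 4.0.7 through 5.2.1". If a php4 source package is still tracked in this list, add a matching php4 line (or a NOTE explaining why it is not affected) so the PHP 4 side of the range is not silently dropped.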
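
Review bot: In the @@ -2576,9 +2576,9 @@ hunk, CVE-2007-0654 and CVE-2007-0653 are both set to "- xmms <unfixed> (low)" without a bug reference, whereas other open entries in this file carry one, for example "- nas 1.8-4 (low; bug #416038)" and "- sql-ledger <unfixed> (bug #409703)". Check whether a bug has been filed against xmms for the integer underflow and overflow and add its number to both lines, so the unfixed state can be followed up from the list.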