Author: fw Date: 2007-05-01 11:31:31 +0000 (Tue, 01 May 2007) New Revision: 5759 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-01 11:10:15 UTC (rev 5758) +++ data/CVE/list 2007-05-01 11:31:31 UTC (rev 5759) @@ -248,11 +248,11 @@ CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...) - TODO: check + NOT-FOR-US: Netsprint CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...) - TODO: check + NOT-FOR-US: AccuSoft CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...) TODO: check CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...) 
@@ -276,53 +276,53 @@ CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...) TODO: check CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...) - TODO: check + NOT-FOR-US: NeatUpload CVE-2007-2196 (PHP remote file inclusion vulnerability in jambook.php in the Jambook ...) TODO: check CVE-2007-2195 (aMSN (aka Alvaro''s Messenger) 0.96 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Alvaro''s Messenger CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...) TODO: check CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...) - TODO: check + NOT-FOR-US: ACDSee CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...) - TODO: check + NOT-FOR-US: Photofiltre CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...) TODO: check CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...) TODO: check CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...) - TODO: check + NOT-FOR-US: mxBB Smartor Album CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...) - TODO: check + NOT-FOR-US: eXtremail CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...) - TODO: check + NOT-FOR-US: eXtremail CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...) - TODO: check + NOT-FOR-US: Supasite CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...) - TODO: check + NOT-FOR-US: jchit CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...) TODO: check CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...) 
- TODO: check + NOT-FOR-US: Maran PHP Forum CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...) - TODO: check + NOT-FOR-US: WEBInsta CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...) NOT-FOR-US: Nullsoft Winamp CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...) - TODO: check + NOT-FOR-US: RaidenFTPD CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...) - TODO: check + NOT-FOR-US: Sharity CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...) NOT-FOR-US: Microgaming Download Helper CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...) TODO: check CVE-2007-2175 (Unspecified vulnerability in Apple QuickTime, as used in Safari and ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...) - TODO: check + NOT-FOR-US: ZoneAlarm CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...) TODO: check CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...) 
@@ -344,43 +344,43 @@ CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...) TODO: check CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...) TODO: check CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) TODO: check CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...) TODO: check CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...) - TODO: check + NOT-FOR-US: jGallery CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...) - TODO: check + NOT-FOR-US: Zomplog CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...) TODO: check CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...) - TODO: check + NOT-FOR-US: phpFaber TopSites CVE-2007-2154 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...) - TODO: check + NOT-FOR-US: @Mail CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...) - TODO: check + NOT-FOR-US: McAfee VirusScan Enterprise CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...) - TODO: check + NOT-FOR-US: McAfee CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...) - TODO: check + NOT-FOR-US: BlueArc CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...) - TODO: check + NOT-FOR-US: Chatness CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...) 
- TODO: check + NOT-FOR-US: Chatness CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...) - TODO: check + NOT-FOR-US: Chatness CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...) - TODO: check + NOT-FOR-US: MiniGal CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...) - TODO: check + NOT-FOR-US: MiniGal CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...) TODO: check CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...) 
@@ -392,67 +392,67 @@ CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...) TODO: check CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...) - TODO: check + NOT-FOR-US: CA BrightStor CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...) - TODO: check + NOT-FOR-US: BMC Patrol PerformAgent CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2006-7196 RESERVED CVE-2006-7195 @@ -765,7 +765,7 @@ CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...) NOT-FOR-US: Microsoft Windows CVE-2007-1972 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: BMC Patrol PerformAgent CVE-2006-7194 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Agora CVE-2006-7193 (** DISPUTED ** ...) @@ -1409,9 +1409,9 @@ CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...) NOT-FOR-US: Microsoft CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...) - TODO: check + NOT-FOR-US: Second Sight Software CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...) - TODO: check + NOT-FOR-US: Second Sight Software CVE-2007-1689 RESERVED CVE-2007-1688 @@ -1425,11 +1425,11 @@ CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...) NOT-FOR-US: sldimdownload ActiveX control CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...) - TODO: check + NOT-FOR-US: IncrediMail CVE-2007-1682 RESERVED CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...) NOT-FOR-US: AudioConf ActiveX control CVE-2007-1679 (** DISPUTED ** ...) @@ -3279,7 +3279,7 @@ CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...) NOT-FOR-US: ZebraFeeds CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...) - TODO: check + NOT-FOR-US: InstallAnywhere CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...) NOT-FOR-US: Apple iTunes CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...) 
@@ -4061,43 +4061,43 @@ CVE-2007-0748 RESERVED CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0745 RESERVED CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0740 RESERVED CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...) NOT-FOR-US: AirPort Extreme Base Station CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...) NOT-FOR-US: Apple Mac ImageIO CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...) 
NOT-FOR-US: Apple Mac CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...) NOT-FOR-US: Apple Mac Server Manager CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...) NOT-FOR-US: Apple Mac CVE-2007-0727 @@ -4105,7 +4105,7 @@ CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...) NOT-FOR-US: Apple OpenSSH CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...) NOT-FOR-US: Apple Mac CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...) @@ -4768,7 +4768,7 @@ CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...) NOT-FOR-US: Citrix CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...) - TODO: check + NOT-FOR-US: GraceNote ActiveX Control CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...) NOT-FOR-US: IBM OS/400 CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) @@ -8848,7 +8848,7 @@ CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...) NOT-FOR-US: MDweb CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...) - TODO: check + NOT-FOR-US: Microsoft GDI CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...) NOT-FOR-US: Microsoft CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...)
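Review bot: in the @@ -276,53 +276,53 @@ hunk, CVE-2007-2195 is tagged NOT-FOR-US: Alvaro''s Messenger, but the entry describes aMSN, which Debian ships as the amsn package, so NOT-FOR-US looks wrong for this one. Suggest leaving it at TODO: check until the affected versions (0.96 and earlier, per the description) are compared against the archive, or replacing the tag with a package line for amsn. If a product name is kept anywhere for this entry, use "aMSN" rather than the alias, and write the apostrophe once instead of the doubled form copied from the description.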
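Review bot: in the @@ -765,7 +765,7 @@ hunk, CVE-2007-1972 is tagged NOT-FOR-US: BMC Patrol PerformAgent although its description is elided to "** DISPUTED ** ...", so the product cannot be read off the entry itself. The same tag is applied to CVE-2007-2136 in the @@ -392,67 +392,67 @@ hunk; a NOTE line under CVE-2007-1972 saying where the attribution comes from, and whether it duplicates or relates to CVE-2007-2136, would let the next person confirm the triage without re-reading the advisory.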
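Review bot: in the @@ -1425,11 +1425,11 @@ hunk, CVE-2007-1681 is tagged NOT-FOR-US: Sun Solaris while the description places the format string bug in libwebconsole_services.so in a Sun Java component, so the tag names the platform rather than the affected product. Suggest using the product name from the description, as the neighbouring entries do ("AudioConf ActiveX control", "sldimdownload ActiveX control"), so that a later search for that component finds this entry.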