Author: fw
Date: 2007-05-01 12:39:10 +0000 (Tue, 01 May 2007)
New Revision: 5761

Modified: data/CVE/list
Log:
CVE-2007-2318: filezilla
CVE-2007-2293, CVE-2007-2294: asterisk
CVE-2007-2292: Mozilla browsers
NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2007-05-01 12:04:47 UTC (rev 5760) +++ data/CVE/list 2007-05-01 12:39:10 UTC (rev 5761) 
@@ -23,49 +23,50 @@ CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...) NOT-FOR-US: Papoo CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...) - TODO: check + NOT-FOR-US: AutoStand CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...) - TODO: check + - filezilla <unfixed> (bug #421776) + NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558 CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...) NOT-FOR-US: MiniBB CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...) - TODO: check + NOT-FOR-US: Open Business Management CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...) - TODO: check + NOT-FOR-US: MiniShare CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...) NOT-FOR-US: Crea-Book CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...) - TODO: check + NOT-FOR-US: Shotcast module for mxBB CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...) NOT-FOR-US: Virtual War (VWar) CVE-2007-2311 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: BlooFoxCMS CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...) - TODO: check + NOT-FOR-US: BloofoxCMS CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...) - TODO: check + NOT-FOR-US: FloweRS CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...) - TODO: check + NOT-FOR-US: FloweRS CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...) - TODO: check + NOT-FOR-US: WebKalk2 CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...) NOT-FOR-US: Virtual War (VWar) CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...) 
- TODO: check + NOT-FOR-US: QDBlog CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...) - TODO: check + NOT-FOR-US: QDBlog CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...) NOT-FOR-US: NMDeluxe CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...) - TODO: check + NOT-FOR-US: Expow CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...) - TODO: check + NOT-FOR-US: audioCMS CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...) - TODO: check + NOT-FOR-US: phpwebnews CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...) NOT-FOR-US: CMS Frogss CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...) - TODO: check + NOT-FOR-US: Garennes CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...) TODO: check CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...) 
@@ -73,15 +74,19 @@ CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...) NOT-FOR-US: Apple QuickTime CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...) - TODO: check + - asterisk 1:1.4.3~dfsg-1 (low) CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...) - TODO: check + - asterisk 1:1.4.3~dfsg-1 (high) CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication in Mozilla ...) - TODO: check + - iceweasel (low) + - firefox <removed> (low) + - mozilla <removed> (low) CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...) - TODO: check + NOT-FOR-US: B2 Weblog + NOTE: Debian''s b2evolution does not contain the string "b2inc", + NOTE: and does not seem to suffer from this vulnerability. CVE-2007-2289 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Download-Engine CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...) @@ -171,7 +176,7 @@ CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...) NOT-FOR-US: Phorum CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...) - TODO: check + NOT-FOR-US: phpMySpace CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...) NOT-FOR-US: HP-UX CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
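Review bot: in the first hunk (@@ -23,49 +23,50 @@), CVE-2007-2297 is left at `TODO: check` in the trailing context although its description names the Asterisk SIP channel driver with the same "before 1.2.18 and 1.4.x" wording as CVE-2007-2294, which this commit resolves to an asterisk package entry in the next hunk. Triage it in the same pass, or add a NOTE saying why it is still pending, so the asterisk entries are not left half tracked. In the same hunk the product is spelled `BlooFoxCMS` for CVE-2007-2311 and `BloofoxCMS` for CVE-2007-2310; pick one spelling so a search by product name finds both entries.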
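Review bot: in the second hunk (@@ -73,15 +74,19 @@), the CVE-2007-2292 line `- iceweasel (low)` carries neither a version nor a marker, unlike `- firefox <removed> (low)` beside it and `- filezilla <unfixed> (bug #421776)` earlier in the patch, so the entry does not say whether iceweasel is still affected. State it explicitly with `<unfixed>` or the fixed version. Under CVE-2007-2290 the added NOTE has a doubled apostrophe (`Debian''s`), and its conclusion rests only on the absence of the string "b2inc"; naming the b2evolution version that was checked would make that conclusion reproducible.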