stef-guest at alioth.debian.org
2007-May-16 19:22 UTC
[Secure-testing-commits] r5847 - data/CVE
Author: stef-guest Date: 2007-05-16 19:22:14 +0000 (Wed, 16 May 2007) New Revision: 5847 Modified: data/CVE/list Log: CVE-2007-1673: new zoo issue CVE-2007-141[23], CVE-2007-1864: new php issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-16 18:33:40 UTC (rev 5846) +++ data/CVE/list 2007-05-16 19:22:14 UTC (rev 5847) @@ -143,7 +143,7 @@ RESERVED CVE-2007-2518 REJECTED - TODO: check + NOTE: duplicate of CVE-2007-2518 CVE-2007-2517 RESERVED CVE-2007-2516 
@@ -166,27 +166,28 @@ CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...) NOT-FOR-US: Trend Micro CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...) - TODO: check + NOT-FOR-US: Treble Designs 1024 CMS CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...) NOT-FOR-US: OpenEdge WebSpeed CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...) NOT-FOR-US: MailCOPA CVE-2007-2504 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PHP Turbulence CVE-2007-2503 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PHP Turbulence CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...) NOT-FOR-US: HP ProCurve 9300m Series switches CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...) - TODO: check + NOT-FOR-US: CodePress CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...) - gnash <unfixed> (bug #423433) CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...) - TODO: check + NOT-FOR-US: DVDdb CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...) NOT-FOR-US: Winamp CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: RealPlayer + NOTE: helix-player not affected CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...) NOT-FOR-US: WordViewer.ocx CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...) 
@@ -194,29 +195,29 @@ CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...) NOT-FOR-US: PowerPointViewer .ocx CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ & RULES ...) - TODO: check + NOT-FOR-US: FAQ & RULES module for mxBB CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...) - TODO: check + NOT-FOR-US: v4bJournal module for PostNuke CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...) - TODO: check + NOT-FOR-US: EMC VMware CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...) - TODO: check + NOT-FOR-US: LiveData Server CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...) - TODO: check + NOT-FOR-US: LiveData Protocol Server CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: AtomixMP3 CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...) - TODO: check + NOT-FOR-US: Motobit CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...) - TODO: check + NOT-FOR-US: myflash CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...) - TODO: check + NOT-FOR-US: wp-Table plugin for WordPress CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...) - TODO: check + NOT-FOR-US: wp-Table plugin for WordPress CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...) - TODO: check + NOT-FOR-US: wordTube plugin for WordPress CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...) - TODO: check + NOT-FOR-US: wordTube plugin for WordPress CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...) TODO: check CVE-2007-XXXX [schroot may use outdated configuration information] 
@@ -1572,7 +1573,8 @@ CVE-2007-1865 RESERVED CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...) - TODO: check + - php4 <unfixed> + - php5 5.2.2-1 CVE-2007-1863 RESERVED CVE-2007-1862 @@ -2027,7 +2029,8 @@ CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) NOT-FOR-US: LANDesk Management Suite CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...) - TODO: check + - zoo <unfixed> (bug filed) + - unzoo <unfixed> CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...) NOT-FOR-US: avast CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...) @@ -2664,9 +2667,12 @@ CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...) - TODO: check + - php4 <unfixed> (unimportant) + - php5 <unfixed> (unimportant) + NOTE: Only triggerable by malicious script CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...) - TODO: check + - php4 <unfixed> + - php5 <unfixed> CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...) TODO: check NOTE: Haven''t been able to reproduce the issue in either php4 or php5 
@@ -4969,15 +4975,15 @@ CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...) NOT-FOR-US: CMSimple CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...) NOT-FOR-US: Web-Agora CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: Web-Agora CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...) - TODO: check + NOT-FOR-US: Advanced Guestbook CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...) NOT-FOR-US: Movable Type CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
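Review bot: In the @@ -143,7 +143,7 @@ hunk, the NOTE added under the REJECTED entry CVE-2007-2518 reads "duplicate of CVE-2007-2518", which points the entry at itself. The note should name the CVE id that this one duplicates. If that id is not known yet, keeping "TODO: check" is more accurate than a self-reference.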
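Review bot: In the @@ -166,27 +166,28 @@ hunk, CVE-2007-2497 is closed as "NOT-FOR-US: RealPlayer" with "NOTE: helix-player not affected", so the result for helix-player is recorded only as free text and gives no reason. If helix-player was checked, a package line of the form "- helix-player <not-affected>" with a short reason would make that finding visible to anything that parses the list. Otherwise the NOTE should at least say how it was determined.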
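Review bot: In the @@ -194,29 +195,29 @@ hunk, the label for CVE-2007-2485 is just "NOT-FOR-US: myflash", while the neighbouring entries name both the component and its host application ("wp-Table plugin for WordPress", "wordTube plugin for WordPress", "v4bJournal module for PostNuke"). Please write this label in the same form so that a later search of the list by product finds it.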
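Review bot: In the @@ -1572,7 +1573,8 @@ hunk, "- php4 <unfixed>" for CVE-2007-1864 carries no bug reference, while php5 is given a fixed version (5.2.2-1) and the gnash entry elsewhere in this file uses the "(bug #423433)" form. The description says the overflow affects PHP before 4.4.7, so a bug number or a NOTE stating which php4 version is in the archive would let the next reader see why php4 is still open.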
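Review bot: In the @@ -2027,7 +2029,8 @@ hunk, CVE-2007-1673 has "- zoo <unfixed> (bug filed)" without the bug number, and "- unzoo <unfixed>" has no bug reference at all even though the description names unzoo.c. Please replace "(bug filed)" with the number in the "(bug #...)" form used for the gnash entry once it is assigned, and add a reference for unzoo as well.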
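Review bot: In the @@ -2664,9 +2667,12 @@ hunk, CVE-2007-1412 is set to "<unfixed>" for both php4 and php5 with no severity tag and no NOTE, right after CVE-2007-1413 was marked "(unimportant)" with "NOTE: Only triggerable by malicious script". The visible description names the ClibPDF (cpdf) extension in PHP 4.4.6, so the php5 line needs a note confirming that the php5 package ships that extension. If the same malicious-script reasoning applies here, the entry should say so and carry the same tag. If it does not, a one-line NOTE explaining the difference would avoid the two adjacent PHP entries looking inconsistent.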