Author: fw Date: 2007-06-16 10:39:08 +0000 (Sat, 16 Jun 2007) New Revision: 6008 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-16 10:38:52 UTC (rev 6007) +++ data/CVE/list 2007-06-16 10:39:08 UTC (rev 6008) @@ -178,17 +178,17 @@ - karrigell <unfixed> (bug #429207) - jspwiki <unfixed> (bug #429206) CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...) - TODO: check + NOT-FOR-US: Internet Download Accelerator CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...) - TODO: check + NOT-FOR-US: Ace-FTP Client CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...) - TODO: check + NOT-FOR-US: PHP Real Estate Classifieds Premium Plus CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: MiniWeb CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...) - TODO: check + NOT-FOR-US: ASP Folder Gallery CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...) - TODO: check + NOT-FOR-US: SafeNET CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...) - webmin <removed> CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...) @@ -199,21 +199,21 @@ - egroupware-core <unfixed> (bug #429215) - gallery <unfixed> (bug #429213) CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...) - TODO: check + NOT-FOR-US: c-ares CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...) - TODO: check + NOT-FOR-US: c-ares CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...) - TODO: check + NOT-FOR-US: Packeteer PacketShaper CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...) - TODO: check + NOT-FOR-US: Google Desktop CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...) TODO: check CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...) - TODO: check + NOT-FOR-US: Yahoo! Webcam Viewer CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...) - TODO: check + NOT-FOR-US: Yahoo! Webcam Upload CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Zen Help Desk CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...) - galeon <unfixed> (low; bug #429216) CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...) @@ -225,31 +225,31 @@ CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...) - kdebase <unfixed> (low) CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...) - TODO: check + NOT-FOR-US: Opera CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...) - TODO: check + NOT-FOR-US: phpWebThings CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...) - wordpress <unfixed> (bug #428073) CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...) - TODO: check + NOT-FOR-US: Quick.Cart CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...) - TODO: check + NOT-FOR-US: Quick.Cart CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...) - TODO: check + NOT-FOR-US: WmsCMS CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...) - TODO: check + NOT-FOR-US: newsSync CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...) - TODO: check + NOT-FOR-US: Atom Photoblog CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Atom PhotoBlog CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...) - TODO: check + NOT-FOR-US: W1L3D4 CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...) - TODO: check + NOT-FOR-US: Symantec Ghost CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...) - TODO: check + NOT-FOR-US: Light Blog CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...) - TODO: check + NOT-FOR-US: OpenWiki CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...) TODO: check CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...) @@ -273,7 +273,7 @@ CVE-2007-3125 (Format string vulnerability in the inputAnswer function in file.c in ...) - w3m <unfixed> (medium) CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...) - TODO: check + NOT-FOR-US: FreeVMS CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) TODO: check CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)