Author: fw Date: 2007-06-16 11:50:14 +0000 (Sat, 16 Jun 2007) New Revision: 6017 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-16 11:49:39 UTC (rev 6016) +++ data/CVE/list 2007-06-16 11:50:14 UTC (rev 6017) @@ -345,33 +345,33 @@ CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...) TODO: check CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...) - TODO: check + NOT-FOR-US: Comicsense CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...) - TODO: check + NOT-FOR-US: PeerCast CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...) - TODO: check + NOT-FOR-US: Outpost Firewall PRO CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...) - TODO: check + NOT-FOR-US: PBSite CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...) - TODO: check + NOT-FOR-US: Comdev Web Blogger CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Z-Blog CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...) - TODO: check + NOT-FOR-US: Sendcard CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...) - TODO: check + NOT-FOR-US: Comdev eCommerce CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...) - TODO: check + NOT-FOR-US: Hunkaray Okul Portaly CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: EQdkp CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...) - TODO: check + NOT-FOR-US: Aigaion CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...) - TODO: check + NOT-FOR-US: EQdkp CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...) - TODO: check + NOT-FOR-US: Zenturi ProgramChecker CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...) TODO: check CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...) @@ -379,65 +379,65 @@ CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...) TODO: check CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...) - TODO: check + NOT-FOR-US: eSellerate CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...) - TODO: check + NOT-FOR-US: BDigital Web Solutions WebStudio CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...) - TODO: check + NOT-FOR-US: DVD X Player CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...) - TODO: check + NOT-FOR-US: EQdkp CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...) - TODO: check + NOT-FOR-US: Particle Gallery CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...) - TODO: check + NOT-FOR-US: My Datebook CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...) - TODO: check + NOT-FOR-US: My Datebook CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: Cactushop CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...) TODO: check CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: SendCard CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...) - TODO: check + NOT-FOR-US: Madirish Webmail CVE-2007-3057 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...) TODO: check CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...) - TODO: check + NOT-FOR-US: Codelib Linker CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...) - TODO: check + NOT-FOR-US: Codelib Linker CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...) - TODO: check + NOT-FOR-US: Calimero CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...) - TODO: check + NOT-FOR-US: RevokeSoft RevokeBB CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...) - TODO: check + NOT-FOR-US: chameleon cms CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...) - TODO: check + NOT-FOR-US: Buttercup BWFM CVE-2007-3048 (** DISPUTED ** ...) - screen <not-affected> (not reproducible) CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...) - TODO: check + NOT-FOR-US: Vonage CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...) - TODO: check + NOT-FOR-US: Advanced Software Production Line Vortex Library CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...) - TODO: check + NOT-FOR-US: Hitachi TP1 CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...) - TODO: check + NOT-FOR-US: Hitachi Collaboration CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...) - TODO: check + NOT-FOR-US: Meneame CVE-2007-3041 RESERVED CVE-2007-3040 @@ -467,7 +467,7 @@ CVE-2007-3028 RESERVED CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3026 RESERVED CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...) @@ -477,9 +477,9 @@ CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...) - clamav 0.90.3-1 CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-3020 RESERVED CVE-2007-3019 @@ -503,81 +503,81 @@ CVE-2007-3010 RESERVED CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...) - TODO: check + NOT-FOR-US: Mbedthis AppWeb CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...) - TODO: check + NOT-FOR-US: Mbedthis AppWeb CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...) - php5 5.2.3-1 (unimportant) CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...) - TODO: check + NOT-FOR-US: Acoustica MP3 CD Burner CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...) TODO: check CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...) TODO: check CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...) - TODO: check + NOT-FOR-US: myBloggie CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: PHP JackKnife CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...) - TODO: check + NOT-FOR-US: PHP JackKnife CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...) - TODO: check + NOT-FOR-US: PHP JackKnife CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in ...) - TODO: check + NOT-FOR-US: SalesCart Shopping Cart CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...) - TODO: check + NOT-FOR-US: DGNews CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...) - TODO: check + NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL) CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...) - TODO: check + NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL) CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...) - TODO: check + NOT-FOR-US: Evenzia CMS CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...) - TODO: check + NOT-FOR-US: Inout Meta Search Engine CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...) - TODO: check + NOT-FOR-US: Zenturi ProgramChecker CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...) - TODO: check + NOT-FOR-US: AdminBot CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...) - TODO: check + NOT-FOR-US: Pheap CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...) - TODO: check + NOT-FOR-US: Media Technology Group CDPass CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...) - TODO: check + NOT-FOR-US: British Telecommunications Business Connect CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...) - TODO: check + NOT-FOR-US: LeadTools CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...) - TODO: check + NOT-FOR-US: LeadTools CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...) - TODO: check + NOT-FOR-US: Techno Dreams Web Directory / Search Engine CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: eggblog CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...) - TODO: check + NOT-FOR-US: DOMjudge CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...) - TODO: check + NOT-FOR-US: Centrinity CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in Ignite ...) - TODO: check + NOT-FOR-US: Ignite Realtime CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...) - TODO: check + NOT-FOR-US: Avira Antivirus CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Avira Antivirus CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...) - TODO: check + NOT-FOR-US: Avira Antivirus CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...) - TODO: check + NOT-FOR-US: gCards CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...) TODO: check CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...)