keescook-guest at alioth.debian.org
2007-Jun-20 20:41 UTC
[Secure-testing-commits] r6036 - data/CVE
Author: keescook-guest Date: 2007-06-20 20:41:05 +0000 (Wed, 20 Jun 2007) New Revision: 6036 Modified: data/CVE/list Log: unfixed: jffnms, fixed: jffnms vim Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-20 16:59:37 UTC (rev 6035) +++ data/CVE/list 2007-06-20 20:41:05 UTC (rev 6036) @@ -97,7 +97,8 @@ - php4 <unfixed> (low) - php5 <unfixed> (low) CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) - NOT-FOR-US: Just For Fun Network Management System (JFFNMS) + - jffnms <unfixed> (high) + NOTE: the fix for CVE-2007-3190 is incomplete (the ''pass'' param can still contain an injection) CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...) NOT-FOR-US: 602Pro LAN SUITE CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...) @@ -121,13 +122,13 @@ CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...) - phpwiki <unfixed> (low; bug #429201) CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...) - NOT-FOR-US: Just For Fun Network Management System (JFFNMS) + - jffnms <unfixed> (medium) CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...) - NOT-FOR-US: Just For Fun Network Management System (JFFNMS) + - jffnms 0.8.3dfsg.1-4 CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...) - NOT-FOR-US: Just For Fun Network Management System (JFFNMS) + - jffnms 0.8.3dfsg.1-4 CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...) - NOT-FOR-US: Just For Fun Network Management System (JFFNMS) + - jffnms 0.8.3dfsg.1-4 CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...) NOT-FOR-US: Fullaspsite GeometriX Download Portal CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...) 
@@ -266,8 +267,6 @@ NOT-FOR-US: Microsoft CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...) NOT-FOR-US: Microsoft -CVE-2007-XXXX [jffnms multiple issues] - - jffnms 0.8.3dfsg.1-4 CVE-2007-3129 RESERVED CVE-2007-3128 @@ -1017,7 +1016,7 @@ CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...) - geeklog <itp> (bug #203818) CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...) - NOT-FOR-US: com_yanc + NOT-FOR-US: com_yanc for Mambo NOTE: com_yanc component not in Mambo Debian package CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...) NOT-FOR-US: HP Tru64 @@ -1058,7 +1057,7 @@ CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...) NOT-FOR-US: AlstraSoft Live Support CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...) - NOT-FOR-US: SunLight CMS + NOT-FOR-US: SunLight CMS CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...) NOT-FOR-US: Zomplog CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...) @@ -1082,7 +1081,7 @@ CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...) NOT-FOR-US: BlockHosts CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...) - NOT-FOR-US: Sun switches + NOT-FOR-US: Sun-Brocade SilkWorm CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...) NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...) 
@@ -1122,9 +1121,9 @@ CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...) NOT-FOR-US: rdiffWeb CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...) - NOT-FOR-US: Plain Black WebGUI + NOT-FOR-US: Plain Black WebGUI CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...) - NOT-FOR-US: vDesk + NOT-FOR-US: vDesk Webmail CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...) NOT-FOR-US: PrecisionID CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...) @@ -1146,7 +1145,7 @@ CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...) NOT-FOR-US: ResManager for Xoops CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...) - NOT-FOR-US: TippingPoint IPS + NOT-FOR-US: 3Com TippingPoint IPS CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...) NOT-FOR-US: Jetbox CMS CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...) @@ -1420,7 +1419,7 @@ CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...) NOT-FOR-US: LaVague CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...) - TODO: check + - vim 1:7.1-000+1 (medium) CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...) NOT-FOR-US: Brujula Toolbar CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...) 
@@ -1778,11 +1777,11 @@ CVE-2007-2442 RESERVED CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) - NOT-FOR-US: Caucho Resin + NOT-FOR-US: Caucho Resin Professional CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...) - NOT-FOR-US: Caucho Resin + NOT-FOR-US: Caucho Resin Professional CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) - NOT-FOR-US: Caucho Resin + NOT-FOR-US: Caucho Resin Professional CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...) - vim <unfixed> (medium) NOTE: Exploitable through modelines.
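Review bot: in the hunk at -1420 the added line `- vim 1:7.1-000+1 (medium)` sits under CVE-2007-2606, whose description is "Multiple buffer overflows in Firebird 2.1", so the vim fix appears to be recorded against the wrong CVE; the vim sandbox issue CVE-2007-2438 in the last hunk still reads `- vim <unfixed> (medium)`. Suggest moving the vim line to CVE-2007-2438 if that is what the 1:7.1-000+1 upload fixed, and restoring `TODO: check` on CVE-2007-2606, which otherwise loses its triage marker without any Debian status replacing it.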
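Review bot: the new `- jffnms <unfixed> (high)` line in the hunk at -97 cites no Debian bug, while the nearby phpwiki entry records `bug #429201`; an open high-severity issue in a packaged program should carry the bug number on the line once it is filed, so add it as `(high; bug #NNNNNN)` in a follow-up. The NOTE tying CVE-2007-3204 to the incomplete fix for CVE-2007-3190 is the right place for that cross-reference and reads clearly.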
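Review bot: in the hunk at -121, CVE-2007-3190 is marked fixed in jffnms 0.8.3dfsg.1-4, but the hunk at -97 states that this fix is incomplete and tracks the remaining injection under CVE-2007-3204; a reader of the 3190 entry alone will not see that. Suggest a `NOTE: incomplete fix, see CVE-2007-3204` line under CVE-2007-3190, and a bug reference on the `- jffnms <unfixed> (medium)` line for CVE-2007-3192, as for the phpwiki entry just above it.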
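Review bot: the hunk at -266 drops the placeholder `CVE-2007-XXXX [jffnms multiple issues]` with its `- jffnms 0.8.3dfsg.1-4` line, which is correct now that CVE-2007-3189 through CVE-2007-3192 carry that version; the log line "fixed: jffnms" does not say the placeholder was folded into those IDs, so a mention of the replacement IDs in the log would keep the history searchable.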
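Review bot: in the hunk at -1058 the removed and added `NOT-FOR-US: SunLight CMS` lines are identical as rendered, so this appears to be a whitespace-only change (presumably trailing whitespace); harmless, but a note in the log would save the next reader from hunting for a content difference.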
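Review bot: in the hunk at -1122 the `NOT-FOR-US: Plain Black WebGUI` pair is likewise identical as rendered, a whitespace-only change, while the `vDesk` to `vDesk Webmail` clarification is a real content edit; mixing the two in one hunk is fine, but worth stating in the log.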