stef-guest at alioth.debian.org
2007-Jul-31 20:38 UTC
[Secure-testing-commits] r6201 - data/CVE
Author: stef-guest
Date: 2007-07-31 20:38:30 +0000 (Tue, 31 Jul 2007)
New Revision: 6201

Modified:
   data/CVE/list
Log:
already fixed: lighttpd NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-07-31 20:07:36 UTC (rev 6200)
+++ data/CVE/list 2007-07-31 20:38:30 UTC (rev 6201)
@@ -252,83 +252,85 @@ CVE-2007-3994 RESERVED CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...) - TODO: check + NOT-FOR-US: Kerio MailServer CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...) - TODO: check + NOT-FOR-US: iExpress Property Pro CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp ...) - TODO: check + NOT-FOR-US: Asp cvmatik CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...) - TODO: check + NOT-FOR-US: Dora Emlak CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...) - TODO: check + NOT-FOR-US: Dora Emlak CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, ...) - TODO: check + NOT-FOR-US: ImageRacer CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) - TODO: check + NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing ...) - TODO: check + NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms ...) - TODO: check + NOT-FOR-US: Zenturi ProgramChecker CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics ...) - TODO: check + NOT-FOR-US: ActiveReports CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ...) - TODO: check + NOT-FOR-US: ActiveReports CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition ...) - TODO: check + NOT-FOR-US: WSN Links CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro ...) 
- TODO: check + NOT-FOR-US: RCMS Pro RGameScript Pro CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...) - TODO: check + NOT-FOR-US: BlogSite Professional CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to ...) - TODO: check + NOT-FOR-US: bwired CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote ...) - TODO: check + NOT-FOR-US: bwired CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote ...) - TODO: check + NOT-FOR-US: bwired CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum ...) - TODO: check + NOT-FOR-US: Elite Forum CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...) - TODO: check + NOT-FOR-US: JBlog CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...) - TODO: check + NOT-FOR-US: JBlog CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: ESET NOD32 Antivirus CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote ...) - TODO: check + NOT-FOR-US: ESET NOD32 Antivirus CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote ...) - TODO: check + NOT-FOR-US: ESET NOD32 Antivirus CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote ...) - TODO: check + NOT-FOR-US: Panda Antivirus CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...) - TODO: check + NOT-FOR-US: dirLIST CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...) - TODO: check + NOT-FOR-US: dirLIST CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ...) - TODO: check + NOT-FOR-US: Munch Pro CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...) 
- TODO: check + NOT-FOR-US: uFMOD CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote ...) - TODO: check + NOT-FOR-US: Itaka CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, ...) - TODO: check + NOT-FOR-US: UseBB CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...) - TODO: check + NOT-FOR-US: fsplib + NOTE: vulnerable code not present in fsp CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...) - TODO: check + NOT-FOR-US: fsplib + NOTE: vulnerable code not present in fsp CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...) - TODO: check + NOT-FOR-US: Ipswitch Collaboration Suite (ICS) CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) NOT-FOR-US: Microsoft CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...) - TODO: check + NOT-FOR-US: Nipun Jain xserver CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...) TODO: check CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...) - TODO: check + NOT-FOR-US: LinkedIn Toolbar CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) NOT-FOR-US: Microsoft CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...) 
@@ -338,17 +340,17 @@ CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...) NOT-FOR-US: Norman Antivirus CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...) - TODO: check + - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...) - TODO: check + - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...) - TODO: check + - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...) - TODO: check + - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...) - TODO: check + - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly ...) - TODO: check + NOT-FOR-US: Rule Set Based Access Control (RSBAC) CVE-2007-3944 (Unspecified vulnerability in Safari (MobileSafari) on the Apple iPhone ...) TODO: check CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows ...) @@ -384,9 +386,9 @@ CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) TODO: check CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...) - TODO: check + NOT-FOR-US: Ipswitch IMail Server CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Ipswitch IMail Server CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...) TODO: check CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) 
@@ -426,7 +428,7 @@ CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...) TODO: check CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...) TODO: check CVE-2007-3904
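Review bot: In the first hunk (@@ -252,83 +252,85 @@), CVE-2007-3962 and CVE-2007-3961 are marked "NOT-FOR-US: fsplib", yet the NOTE added under each says the vulnerable code is not present in fsp, which reads as a per-package triage result rather than an out-of-scope product. If fsp is the package that was checked, record both entries against fsp as not affected with that reason, so the finding is tied to the package name and is not hidden behind NOT-FOR-US. In the same hunk, CVE-2007-3967 is described as "PHP Directory Lister" but labelled "NOT-FOR-US: dirLIST", the same label as CVE-2007-3968 directly above it; confirm the two are the same product or use the name from the description.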
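Review bot: In the lighttpd hunk (@@ -338,17 +340,17 @@), CVE-2007-3950 through CVE-2007-3946 all receive the identical line "- lighttpd 1.4.16-1 (bug #434888)" with no record of how each fix was confirmed, and the commit log says only "already fixed". Three of the descriptions name lighttpd 1.4.15 specifically and two say "before 1.4.16", so a short NOTE stating that 1.4.16-1 carries all five fixes, and that bug #434888 covers each CVE, would let a later reader verify the entries without repeating the triage.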