Author: fw Date: 2007-08-04 09:22:50 +0000 (Sat, 04 Aug 2007) New Revision: 6225 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-04 09:18:21 UTC (rev 6224) +++ data/CVE/list 2007-08-04 09:22:50 UTC (rev 6225) @@ -147,15 +147,15 @@ CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) TODO: check CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) - TODO: check + NOT-FOR-US: geoBlog CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...) - TODO: check + NOT-FOR-US: Pony Gallery CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...) TODO: check CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...) TODO: check CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) - TODO: check + NOT-FOR-US: Secure Computing SecurityReporter CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...) TODO: check CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) 
@@ -167,39 +167,39 @@ CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...) TODO: check CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Guidance Software CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Guidance Software CVE-2007-4035 (** DISPUTED ** Guidance Software EnCase does not properly handle (1) ...) - TODO: check + NOT-FOR-US: Guidance Software CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 ActiveX control ...) - TODO: check + NOT-FOR-US: Yahoo! Widgets CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in PHP ...) TODO: check CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...) - TODO: check + NOT-FOR-US: CrystalPlayer CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: Nessus ActiveX control CVE-2007-4030 RESERVED CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) TODO: check CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...) - TODO: check + NOT-FOR-US: WebSPELL CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...) - TODO: check + NOT-FOR-US: Areca CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...) - TODO: check + NOT-FOR-US: epesi CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...) - TODO: check + NOT-FOR-US: Sun Java System Application Server CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in ...) - TODO: check + NOT-FOR-US: W1L3D4 CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in ...) 
- TODO: check + NOT-FOR-US: Aruba Mobility Controller CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: cPanel CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) - TODO: check + NOT-FOR-US: Brain Book Software Secure CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) TODO: check CVE-2007-4019 @@ -208,17 +208,17 @@ REJECTED NOTE: duplicate of CVE-2006-5645 CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-4015 (Citrix Access Gateway Advanced Edition before 4.5 HF1 allows attackers ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...) - TODO: check + NOT-FOR-US: Blix themes for WordPress CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) NOT-FOR-US: Cisco CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) 
@@ -226,19 +226,19 @@ CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...) TODO: check CVE-2007-4009 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: SWSoft Confixx CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...) - TODO: check + NOT-FOR-US: Entertainment CMS CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...) - TODO: check + NOT-FOR-US: Article Directory CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...) TODO: check CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...) - TODO: check + NOT-FOR-US: Mike Dubman Windows RSH daemon CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4002 RESERVED CVE-2007-4001 @@ -605,7 +605,7 @@ CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...) NOT-FOR-US: InterActual Player CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...) TODO: check CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...) 
@@ -720,13 +720,13 @@ CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...) NOT-FOR-US: PsNews CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...) - TODO: check + NOT-FOR-US: Symantec Antivirus CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...) TODO: check CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...) - TODO: check + NOT-FOR-US: SurgeFTP CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...) - TODO: check + NOT-FOR-US: SurgeFTP CVE-2007-3767 RESERVED CVE-2007-3766 @@ -836,13 +836,13 @@ CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) TODO: check CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) - TODO: check + NOT-FOR-US: HP OpenVMS CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...) - silc-toolkit 1.1.2-1 [etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected) NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2 CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...) - TODO: check + NOT-FOR-US: WebMatic CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...) TODO: check CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...) @@ -864,7 +864,7 @@ CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...) TODO: check CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...) TODO: check CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...) 
@@ -874,9 +874,9 @@ CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...) TODO: check CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...) - TODO: check + NOT-FOR-US: HiddenChest CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...) - TODO: check + NOT-FOR-US: TippingPoint IPS CVE-2007-3710 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...) @@ -888,15 +888,15 @@ CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...) TODO: check CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: FuseTalk CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: Entertainment CMS CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...) - TODO: check + NOT-FOR-US: Zenturi ProgramChecker CVE-2007-3702 (Directory traversal vulnerability in the load function in ...) TODO: check CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...) - TODO: check + NOT-FOR-US: TippingPoint IPS CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...) TODO: check CVE-2007-3699 @@ -1010,7 +1010,7 @@ CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...) - TODO: check + NOT-FOR-US: WebMatic CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...) TODO: check CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
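Review bot: In the @@ -167,39 +167,39 @@ hunk, CVE-2007-4021 becomes NOT-FOR-US: Brain Book Software Secure, while the next entry, CVE-2007-4020, stays at TODO: check although its visible description is the same (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...). The truncated text does not show whether both entries concern the same product, so please confirm that 4020 was left open deliberately. Separately, the three EnCase entries (CVE-2007-4037, CVE-2007-4036, CVE-2007-4035) are tagged with the vendor only, NOT-FOR-US: Guidance Software; naming the product as the description does (Guidance Software EnCase) would make them easier to search.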
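Review bot: In the @@ -226,19 +226,19 @@ hunk, CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...) keeps its TODO: check, while CVE-2007-4005, which names the same product, becomes NOT-FOR-US: Mike Dubman Windows RSH daemon. Unless 4006 is being held back on purpose, give it the same NOT-FOR-US line so the two entries do not diverge; if it is on purpose, a NOTE line saying why would help the next person triaging.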
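Review bot: In the @@ -605,7 +605,7 @@ hunk, the tag added for CVE-2007-3828 names the operating system (NOT-FOR-US: Apple Mac OS X), while the description locates the flaw in mDNSResponder. Naming the component in the tag, or adding a NOTE that the component itself was checked, would show that the NFU decision covers mDNSResponder and not only Mac OS X as a platform.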
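Review bot: In the @@ -836,13 +836,13 @@ hunk, CVE-2007-3729 is marked NOT-FOR-US: HP OpenVMS, but CVE-2007-3730 directly above it is left at TODO: check although its visible description is identical (The default configuration of the POP server in TCP/IP Services 5.6 for ...). Mark both entries the same way, or add a NOTE on 3730 explaining why it remains open. As a minor style point, the tag for CVE-2007-3727 is spelled WebMatic while the description spells the product Webmatic; using the description's spelling keeps a case-sensitive search for the product name working.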