Author: fw Date: 2007-08-04 11:21:09 +0000 (Sat, 04 Aug 2007) New Revision: 6230 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-04 11:20:05 UTC (rev 6229) +++ data/CVE/list 2007-08-04 11:21:09 UTC (rev 6230) @@ -163,7 +163,7 @@ CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...) TODO: check CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...) - TODO: check + NOT-FOR-US: Micrsoft Outlook CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) TODO: check CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...) @@ -852,7 +852,7 @@ - clamav 0.91-1 [sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x) CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...) - TODO: check + NOT-FOR-US: Microsoft Windows XP CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) TODO: check CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...) 
@@ -880,15 +880,15 @@ CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...) NOT-FOR-US: TippingPoint IPS CVE-2007-3710 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: PHP Comet-Server CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...) - TODO: check + NOT-FOR-US: CodeIgniter CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...) NOT-FOR-US: FuseTalk CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...) @@ -896,7 +896,7 @@ CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...) NOT-FOR-US: Zenturi ProgramChecker CVE-2007-3702 (Directory traversal vulnerability in the load function in ...) - TODO: check + NOT-FOR-US: Mail Machine CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...) NOT-FOR-US: TippingPoint IPS CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...) 
@@ -928,27 +928,27 @@ CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...) NOT-FOR-US: DotClear CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...) - TODO: check + NOT-FOR-US: Inferno Technologies CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...) - TODO: check + NOT-FOR-US: Unobtrusive Ajax Star Rating Bar CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive ...) - TODO: check + NOT-FOR-US: Unobtrusive Ajax Star Rating Bar CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...) - TODO: check + NOT-FOR-US: Unobtrusive Ajax Star Rating Bar CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and ...) - TODO: check + NOT-FOR-US: Aigaion CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier ...) - TODO: check + NOT-FOR-US: OpenLD CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in ...) - TODO: check + NOT-FOR-US: WinPcap CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-3679 (The Citrix EPA ActiveX control (aka the "endpoint checking control" or ...) - TODO: check + NOT-FOR-US: Citrix CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...) - TODO: check + NOT-FOR-US: QuarkXPress CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...) - TODO: check + NOT-FOR-US: Maxsi eVisit Analyst CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...) TODO: check CVE-2007-3676 
@@ -958,38 +958,38 @@ CVE-2007-3674 RESERVED CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...) - TODO: check + NOT-FOR-US: Symantec AntiVirus CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...) - TODO: check + NOT-FOR-US: DotClear CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...) - iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows) - icedove <not-affected> (Only affects Firefox/Thunderbird on Windows) CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...) - TODO: check + NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...) - TODO: check + NOT-FOR-US: NMSDVDXLib CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...) - TODO: check + NOT-FOR-US: ActiveReportsExcelReport CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...) - TODO: check + NOT-FOR-US: Symantec Ghost CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...) - TODO: check + NOT-FOR-US: Symantec Ghost CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...) - TODO: check + NOT-FOR-US: Eltima Software CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...) - TODO: check + NOT-FOR-US: guliverkli Media Player Classic CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...) - TODO: check + NOT-FOR-US: guliverkli Media Player Classic CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...) - TODO: check + NOT-FOR-US: Eltima Software CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...) 
- TODO: check + NOT-FOR-US: Nonnoi CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...) - TODO: check + NOT-FOR-US: FreeWRL CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-3657 (** DISPUTED ** ...) TODO: check CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...) 
@@ -1010,31 +1010,31 @@ CVE-2007-3650 RESERVED CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...) NOT-FOR-US: WebMatic CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...) - TODO: check + NOT-FOR-US: FlashGameScript CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) - TODO: check + NOT-FOR-US: AV Arcade CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...) - linux-2.6 2.6.22-2 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) - TODO: check + NOT-FOR-US: Adobe Apollo CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...) TODO: check CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Yahoo! Messenger CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: MKPortal CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) TODO: check CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...) 
@@ -1042,7 +1042,7 @@ CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) TODO: check CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...) - TODO: check + NOT-FOR-US: Chilkat Software CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...) TODO: check CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...)
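Review bot: In the hunk at @@ -163,7, CVE-2007-4040 is closed as NOT-FOR-US on the Outlook name alone, although its summary reads "involving Microsoft Outlook and ..." and the neighbouring argument-injection entries (CVE-2007-4041, CVE-2007-4039, CVE-2007-4038) name Mozilla products and stay at TODO. If the second party in that summary is packaged software, a per-package not-affected line with a reason, as CVE-2007-3670 carries for iceweasel and icedove, would record why the entry is closed. The label is also misspelled: "Micrsoft Outlook" should read "Microsoft Outlook", otherwise a search for the vendor name misses this entry.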
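Review bot: The NOT-FOR-US labels in the hunk at @@ -958,38 mix naming levels. CVE-2007-3669 and CVE-2007-3668 are labelled with component names ("InnovaDSXP2.OCX ActiveX Control", "NMSDVDXLib") while their summaries name Innovasys DockStudioXP and NuMedia, and CVE-2007-3658 is labelled just "Microsoft" where CVE-2007-3671 uses "Microsoft Windows" and CVE-2007-3724 in the @@ -852,7 hunk uses "Microsoft Windows XP". Taking the vendor or product name from the summary throughout keeps related entries findable with one search. Separately, the visible summary for CVE-2007-3659 (FreeWRL 1.19.3) ties it to no platform or vendor, so it is worth confirming that no package or packaging request exists before closing it.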
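Review bot: For CVE-2007-3640 in the hunk at @@ -1010,31, the label "Adobe Apollo" uses the alias, while the summary leads with "Adobe Integrated Runtime (AIR, aka Apollo)"; labelling it with the name the summary gives first keeps it findable under that name. The label for CVE-2007-3649, "Hewlett-Packard (HP) Photo Digital Imaging ActiveX control", is much longer than the one- or two-word labels used elsewhere in this patch and could be shortened to vendor and product.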