stef-guest at alioth.debian.org
2007-Aug-16 20:49 UTC
[Secure-testing-commits] r6340 - data/CVE
Author: stef-guest
Date: 2007-08-16 20:49:04 +0000 (Thu, 16 Aug 2007)
New Revision: 6340

Modified:
   data/CVE/list

Log:
new lwat issue fixed
new issues: wengophone, ice*
new non-issue: konqueror
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-16 20:23:54 UTC (rev 6339)
+++ data/CVE/list 2007-08-16 20:49:04 UTC (rev 6340)
@@ -1,41 +1,46 @@ +CVE-2007-XXXX [lwat sometimes logs passwords in access.log] + - lwat 0.15-2 (low) CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...) - TODO: check + NOT-FOR-US: Neuron Blog CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...) - TODO: check + NOT-FOR-US: Racer CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...) - TODO: check + NOT-FOR-US: SOTEeSKLEP CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest (CQ) CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Opera CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...) - TODO: check + - wengophone <unfixed> (bug #438419) CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...) - TODO: check + NOT-FOR-US: eXV2 CMS CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...) - TODO: check + NOT-FOR-US: Fedora Commons CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Drupal Content Construction Kit (CCK) CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...) - TODO: check + NOT-FOR-US: Prozilla Webring CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...) - TODO: check + NOT-FOR-US: ReadyNAS RAIDiator CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...) - TODO: check + NOT-FOR-US: Dell CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...) - TODO: check + NOT-FOR-US: JobLister3 CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...) 
- TODO: check + NOT-FOR-US: Zoidcom CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...) - TODO: check + - mozilla-firefox <removed> + - mozilla <removed> + - iceweasel <unfixed> + - iceape <unfixed> CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...) - TODO: check + NOT-FOR-US: AIX CVE-2007-4352 RESERVED CVE-2007-4351 @@ -187,7 +192,7 @@ CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...) NOT-FOR-US: FrontAccounting CVE-2007-4278 (Stack-based buffer overflow in ESRI ArcSDE service 9.2, as used with ...) - TODO: check + NOT-FOR-US: ESRI ArcSDE CVE-2007-4277 RESERVED CVE-2007-4276 @@ -196,7 +201,7 @@ RESERVED CVE-2007-4274 REJECTED - TODO: check + NOT-FOR-US: Duplicate of CVE-2007-4275 CVE-2007-4273 RESERVED CVE-2007-4272 @@ -296,7 +301,8 @@ CVE-2007-4230 (** DISPUTED ** ...) NOT-FOR-US: BellaBiblio CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...) - TODO: check + - konqueror <unfixed> (unimportant) + NOTE: Browser DoS not treated as vulnerabilities CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...) NOT-FOR-US: AIX CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...) 
@@ -350,7 +356,7 @@ CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax ...) NOT-FOR-US: Hitachi Groupmax Collaboration CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote ...) - TODO: check + NOT-FOR-US: Mambo CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...) NOT-FOR-US: Guidance Software EnCase CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...) @@ -424,7 +430,7 @@ CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...) NOT-FOR-US: AL-Athkar CVE-2007-4169 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: vgallite CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...) NOT-FOR-US: AL-Caricatier CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...) 
@@ -434,55 +440,55 @@ CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...) NOT-FOR-US: IndexScript CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...) - TODO: check + NOT-FOR-US: IndexScript CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...) - TODO: check + NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...) - TODO: check + NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...) - TODO: check + NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...) - TODO: check + NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4158 (Unspecified vulnerability in rvd 7.5.2 in TIBCO Rendezvous (RV) allows ...) - TODO: check + NOT-FOR-US: TIBCO Rendezvous (RV) CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: PHPBlogger CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote ...) - TODO: check + NOT-FOR-US: wolioCMS CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: EMC VMware CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...) - wordpress <unfixed> CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...) - wordpress <unfixed> CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) - TODO: check + NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) - TODO: check + NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) 
- TODO: check + NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) - TODO: check + NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ...) - TODO: check + NOT-FOR-US: Visionsoft Audit on Demand Service CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX ...) - TODO: check + NOT-FOR-US: Interspire ArticleLive NX CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent ...) - TODO: check + NOT-FOR-US: WebEvent CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX ...) - TODO: check + NOT-FOR-US: BlueSkychat CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: MitriDAT eMail Form Processor Pro CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote ...) - TODO: check + NOT-FOR-US: Billing Control Panel in phpCoupon CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...) - TODO: check + NOT-FOR-US: BM Lotus Sametime Server CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: OpenRat CMS CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows ...) - TODO: check + NOT-FOR-US: Live for Speed CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...) - TODO: check + NOT-FOR-US: Temporary Uploads CVE-2007-4138 RESERVED CVE-2007-4137
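Review bot: in the first hunk (@@ -1,41 +1,46 @@), the new `CVE-2007-XXXX [lwat sometimes logs passwords in access.log]` entry carries no bug or changelog reference, so nothing ties the placeholder to the fix once a real id is assigned; a `(bug #NNNNNN)` suffix as used for `- wengophone <unfixed> (bug #438419)`, or a `NOTE:` line as used for the konqueror entry later in this diff, would make it traceable. Worth confirming that `(low)` is the intended severity for an issue that writes credentials into a web server log, since that depends on who can read access.log.

Review bot: in the hunk at @@ -196,7 +201,7 @@, `NOT-FOR-US: Duplicate of CVE-2007-4275` puts a rejection reason where every other NOT-FOR-US line in this diff carries a product name; since CVE-2007-4274 is already marked REJECTED, the cross-reference fits the tracker's conventions better as `NOTE: Duplicate of CVE-2007-4275`, the form used for the konqueror entry at @@ -296,7 +301,8 @@.

Review bot: in the hunk at @@ -434,55 +440,55 @@, `NOT-FOR-US: BM Lotus Sametime Server` for CVE-2007-4142 drops the leading letter; the description reads "IBM Lotus Sametime Server". In the same hunk `NOT-FOR-US: Temporary Uploads` for CVE-2007-4139 names a feature rather than the affected product, and the unchanged context line `NOT-FOR-US: IndexScript` sitting under CVE-2007-4164 (described as a Sun Java issue) looks like a pre-existing mismatch that could be corrected while this region is being edited.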