Author: nion Date: 2007-08-26 17:57:30 +0000 (Sun, 26 Aug 2007) New Revision: 6410 Modified: data/CVE/list Log: NFUs ampache itp Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-26 15:18:28 UTC (rev 6409) +++ data/CVE/list 2007-08-26 17:57:30 UTC (rev 6410) @@ -18,15 +18,16 @@ CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...) NOT-FOR-US: Dalai Forum CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...) - TODO: check + NOT-FOR-US: mambo + NOTE: mambo is in experimental though CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...) - asterisk 1:1.4.11~dfsg-1 [sarge] - asterisk <not-affected> (not affected according to advisory) [etch] - asterisk <not-affected> (not affected according to advisory) CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...) - TODO: check + NOT-FOR-US: Olate Download CVE-2007-4453 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...) NOT-FOR-US: Toribash CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...) 
@@ -42,31 +43,31 @@ CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...) NOT-FOR-US: Toribash CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Image space rfactor CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...) - TODO: check + NOT-FOR-US: Image space rfactor CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...) - TODO: check + NOT-FOR-US: Unreal on Windows CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...) - TODO: check + NOT-FOR-US: Unreal on Windows CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...) - php5 <not-affected> (Windows-specific) CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...) - TODO: check + NOT-FOR-US: Mercury mail system CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...) - TODO: check + NOT-FOR-US: Squirrelcart CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...) - TODO: check + - ampache <itp> (bug #407337) CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...) - TODO: check + - ampache <itp> (bug #407337) CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...) - drupal <not-affected> (External addon, see bug #439379) CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...) - TODO: check + NOT-FOR-US: Text File Search ASP CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...) - TODO: check + NOT-FOR-US: Text File Search ASP CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...) 
NOT-FOR-US: SUSE CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...) @@ -76,9 +77,9 @@ CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...) NOT-FOR-US: Skype CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...) - TODO: check + NOT-FOR-US: lhaz CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...) - TODO: check + NOT-FOR-US: InterSystems Cache CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...) TODO: check CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...)
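Review bot: In the first hunk (@@ -18,15 +18,16 @@), the CVE-2007-4456 entry is tagged `NOT-FOR-US: mambo` while the NOTE added directly under it says mambo is in experimental, so the two lines contradict each other. The description names SimpleFAQ in index.php, so either put that name in the NOT-FOR-US line, or, if the affected code ships in the experimental package, track it as a package entry in the same form as the asterisk lines that follow. In the same hunk, CVE-2007-4453 goes to `NOT-FOR-US: vBulletin` although its description is only "** DISPUTED ** ..."; a short NOTE saying where the product name comes from would let the next reader verify it.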
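Review bot: In the second hunk (@@ -42,31 +43,31 @@), CVE-2007-4443 and CVE-2007-4442 are tagged `NOT-FOR-US: Unreal on Windows`, but the visible descriptions ("The UCC dedicated server for the Unreal engine, possibly 2003 and ...") do not limit the issue to Windows. If the product is simply not packaged, the product name alone is enough; where this file records a platform restriction it does so as `<not-affected> (Windows-specific)`, as on the php5 line for CVE-2007-4441. The product names in this hunk also drift from the descriptions (`Image space rfactor` for "Image Space rFactor", `Mercury mail system` for "Mercury Mail"); copying the description's spelling keeps the list searchable.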
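Review bot: In the third hunk (@@ -76,9 +77,9 @@), the context line for CVE-2007-4426 (Live for Speed) still reads `TODO: check` immediately after the two entries triaged here, so this run of entries is left partly untriaged. Either resolve it in the same commit or leave it deliberately and say so, since the log message "NFUs ampache itp" does not mention it. The new `NOT-FOR-US: lhaz` line also lowercases a name the description spells "Lhaz".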