Author: nion Date: 2007-09-18 22:38:43 +0000 (Tue, 18 Sep 2007) New Revision: 6638 Modified: data/CVE/list Log: NFUs CVE-2007-4915 boa not-affected CVE-2007-4904 helix-player unfixed, unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-18 21:54:35 UTC (rev 6637) +++ data/CVE/list 2007-09-18 22:38:43 UTC (rev 6638) 
@@ -1,49 +1,50 @@ CVE-2007-4924 RESERVED CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...) - TODO: check + NOT-FOR-US: Joomla extension CVE-2007-4922 (SQL injection vulnerability in index.php in the jeuxflash 1.0 module ...) - TODO: check + NOT-FOR-US: KwsPhp CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...) - TODO: check + NOT-FOR-US: Ajax File Browser CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest ...) - TODO: check + NOT-FOR-US: Webquest CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote ...) - TODO: check + NOT-FOR-US: Jblog CVE-2007-4918 (SQL injection vulnerability in index.php in Gelato allows remote ...) - TODO: check + NOT-FOR-US: Gelato CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...) - TODO: check + NOT-FOR-US: Php-Stats CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) ...) - TODO: check + NOT-FOR-US: MFC Library CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the ...) - TODO: check + - boa <not-affected> (We don''t ship this extension) CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...) - TODO: check + NOT-FOR-US: JetCast Server CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown ...) - TODO: check + NOT-FOR-US: Netinvoicing CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...) 
- TODO: check + NOT-FOR-US: WinSCP CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and ...) - TODO: check + NOT-FOR-US: AuraCMS CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow ...) - TODO: check + NOT-FOR-US: X-Cart CVE-2007-4906 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: NuclearBB CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS ...) - TODO: check + NOT-FOR-US: AuraCMS CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player ...) - TODO: check + - helix-player <unfixed> (unimportant; bug #443130) + NOTE: Just a floating point exception by via a crafted .au file) CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...) - TODO: check + NOT-FOR-US: Ultra Crypto Component CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: Ultra Crypto Component CVE-2007-4901 (Unspecified vulnerability in AOL Instant Messenger (AIM) 6.1.41.2 ...) NOT-FOR-US: AOL Instant Messenger CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA ...)
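Review bot: The NOTE line added under CVE-2007-4904 has a doubled preposition and an unmatched closing parenthesis: "NOTE: Just a floating point exception by via a crafted .au file)". Suggest "NOTE: Just a floating point exception via a crafted .au file". In the CVE-2007-4915 entry, the comment "(We don''t ship this extension)" carries a doubled apostrophe where a single one is meant. As a style point, several NOT-FOR-US names differ in case or form from the CVE descriptions directly above them (Jblog for "JBlog 1.0", Php-Stats for "PHP-Stats", Netinvoicing for "netInvoicing", Webquest for "PHP Webquest"). Using the description's spelling would keep later searches of the list by product name consistent.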