Author: nion Date: 2007-09-20 17:40:00 +0000 (Thu, 20 Sep 2007) New Revision: 6652 Modified: data/CVE/list Log: NFUs CVE-2007-4961 secondlife-client, itp CVE-2007-4965 python2.4, python2.5 unfixed, 443333 CVE-2007-4938 mplayer unfixed CVE-2007-4941 kmplayer unfixed CVE-2007-4966 gforge unsure, notes added Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-20 17:13:30 UTC (rev 6651) +++ data/CVE/list 2007-09-20 17:40:00 UTC (rev 6652) @@ -1,99 +1,106 @@ CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...) - TODO: check + NOT-FOR-US: NtRegmon CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...) - TODO: check + NOT-FOR-US: ProSecurity CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...) - TODO: check + NOT-FOR-US: ProcessGuard CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...) - TODO: check + NOT-FOR-US: Process Monitor CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...) - TODO: check + NOT-FOR-US: Privatefirewal CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...) - TODO: check + NOT-FOR-US: Online Armor Personal Firewall CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...) TODO: check + NOTE: I am not sure if this is a duplicate of CVE-2007-3913 + NOTE: Look at the fix for it: http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083 + NOTE: This is already a fix for an SQL injection via skill_delete CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...) - TODO: check + - python2.5 <unfixed> (low; bug #443333) + - python2.4 <unfixed> (low; bug #443335) CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: WinImage CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...) - TODO: check + NOT-FOR-US: WinImage CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...) - TODO: check + NOT-FOR-US: WinImage CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...) - TODO: check + - secondlife-client <itp> (low; bug #406335) CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...) - TODO: check + - secondlife-client <itp> (low; bug #406335) CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: osCMax CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...) - TODO: check + NOT-FOR-US: TinyWebGallery CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...) - TODO: check + NOT-FOR-US: ChupixCMS CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...) - TODO: check + NOT-FOR-US: KwsPhp CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...) - TODO: check + NOT-FOR-US: SimpCMS CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...) - TODO: check + NOT-FOR-US: OmniStar Article Manager CVE-2007-4951 (** DISPUTED ** ...) TODO: check CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Phportal CVE-2007-4949 (** DISPUTED ** ...) TODO: check CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...) - TODO: check + NOT-FOR-US: Webmedia Explorer CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...) - TODO: check + NOT-FOR-US: myphpPagetool CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: LetterGrade CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...) - TODO: check + NOT-FOR-US: LetterGrade CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...) - TODO: check + NOT-FOR-US: Opera CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...) - TODO: check + NOT-FOR-US: Baofeng Storm CVE-2007-4942 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Focus/SIS CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...) - TODO: check + - kmplayer <unfixed> + TODO: report bug + NOTE: the mplayer issue in the references has it''s own CVE id CVE-2007-4938 CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...) - TODO: check + NOT-FOR-US: Media Player Classic CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...) - TODO: check + NOT-FOR-US: Media Player Classic CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...) - TODO: check + - mplayer <unfixed> + TODO: report bug CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: CS Guestbook CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...) - TODO: check + NOT-FOR-US: SafeSquid CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) - TODO: check + NOT-FOR-US: phpFFL CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...) - TODO: check + NOT-FOR-US: phpFFL CVE-2007-4933 (Direct static code injection vulnerability in ...) - TODO: check + NOT-FOR-US: Shop-Script FREE CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...) - TODO: check + NOT-FOR-US: Shop-Script FREE CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...) - TODO: check + NOT-FOR-US: Axis firmware CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...) - TODO: check + NOT-FOR-US: Axis firmware CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...) - TODO: check + NOT-FOR-US: Axis firmware CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...) - TODO: check + NOT-FOR-US: Axis firmware CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...) - TODO: check + NOT-FOR-US: Axis firmware CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...) - TODO: check + NOT-FOR-US: eWire Payment Client CVE-2007-4924 RESERVED CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)