Author: nion
Date: 2007-10-15 22:45:24 +0000 (Mon, 15 Oct 2007)
New Revision: 6974
Modified: data/CVE/list
Log: NFUs new issue: CVE-2007-5448 madwifi-source CVE-2007-5438 vmware-package not-affected

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-10-15 21:14:08 UTC (rev 6973)
+++ data/CVE/list 2007-10-15 22:45:24 UTC (rev 6974)
@@ -1,65 +1,66 @@ CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...) - TODO: check + NOT-FOR-US: MouseoverDictionary CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...) - TODO: check + NOT-FOR-US: KwsPHP CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in cgi-bin/wxis.exe in ...) - TODO: check + NOT-FOR-US: WWWISIS CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...) - TODO: check + NOT-FOR-US: PHP File Sharing CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow ...) - TODO: check + NOT-FOR-US: Php-Stats CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in ...) - TODO: check + NOT-FOR-US: Php-Stats CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka ...) - TODO: check + NOT-FOR-US: Apple firmware CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...) - TODO: check + NOT-FOR-US: Softbiz Recipes Portal Script CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...) - TODO: check + - madwifi-source <unfixed> (medium; bug #446824) + NOTE: this results in a kernel panic CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...) - TODO: check + NOT-FOR-US: ionCube CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: PBEmail CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...) 
- TODO: check + NOT-FOR-US: VImpX CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full ...) - TODO: check + NOT-FOR-US: CMS Made Simpe CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...) - TODO: check + NOT-FOR-US: CMS Made Simpe CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...) - TODO: check + NOT-FOR-US: CMS Made Simpe CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...) - TODO: check + NOT-FOR-US: CMS Made Simpe CVE-2007-5440 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Crs Manager CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 ...) - TODO: check + NOT-FOR-US: eTrust ITM CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...) - TODO: check + - vmware-package <not-affected> (Windows only) CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM ...) - TODO: check + NOT-FOR-US: eTrust ITM CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...) - TODO: check + NOT-FOR-US: G DATA Antivirus CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly ...) - TODO: check + NOT-FOR-US: CA ERwin Process Modeler CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and ...) - TODO: check + NOT-FOR-US: PRO-search CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...) - TODO: check + NOT-FOR-US: Site-Up CVE-2007-5432 (Stride 1.0 has a default administrator username of "scott" with the ...) - TODO: check + NOT-FOR-US: Stride CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 ...) - TODO: check + NOT-FOR-US: Stride module CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote ...) 
- TODO: check + NOT-FOR-US: Stride CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...) - TODO: check + NOT-FOR-US: Nucleus CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...) TODO: check CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
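Review bot: The four added NOT-FOR-US lines for CVE-2007-5441 through CVE-2007-5444 spell the product "CMS Made Simpe", while the CVE descriptions beside them say "CMS Made Simple"; these should read "NOT-FOR-US: CMS Made Simple" so that a later search of the list for the product name finds them. Separately, CVE-2007-5428 (UMI CMS) is left at "TODO: check" as unchanged context while the entries around it are triaged; if that is not deliberate, it needs its own NOT-FOR-US or package line.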