Author: nion Date: 2007-10-16 20:42:31 +0000 (Tue, 16 Oct 2007) New Revision: 6984 Modified: data/CVE/list Log: CVE-2007-5423 tikiwiki removed CVE-2003-1352 gabber fixed in 0.8.8-1, gabber2 not-affected NFUs CVE-2007-5414 fixed in iceweasel 2.0+dfsg-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-16 16:21:17 UTC (rev 6983) +++ data/CVE/list 2007-10-16 20:42:31 UTC (rev 6984) @@ -72,12 +72,12 @@ CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...) TODO: check CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in TikiWiki ...) - TODO: check + - tikiwiki <removed> CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...) NOT-FOR-US: Solaris Auditing CVE-2007-5421 REJECTED - TODO: check + NOT-FOR-US: Cisco CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...) NOT-FOR-US: 3Com 3CRWER100-75 CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...) 
@@ -91,22 +91,23 @@ - drupal <unfixed> (medium) CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...) TODO: check + NOTE: can not reproduce any of the PoC urls in unstable version, anyone knows more? CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) - TODO: check + - iceweasel 2.0+dfsg-1 CVE-2007-5413 RESERVED CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...) NOT-FOR-US: Linksys CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...) NOT-FOR-US: NuSEO CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...) NOT-FOR-US: cpDynaLinks CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Joomla! extension CVE-2007-5406 RESERVED CVE-2007-5405 @@ -148,7 +149,8 @@ CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...) NOT-FOR-US: Outreach CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...) - TODO: check + - gabber 0.8.8-1 + - gabber2 <not-affected> (No code to send data to update at jabber.org) CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...) NOT-FOR-US: EditTag CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...) 
@@ -174,9 +176,10 @@ CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...) NOT-FOR-US: Moby NetSuite CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...) - TODO: check + NOT-FOR-US: libcgi + NOTE: this is another libcgi than the one we ship CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...) - TODO: check + NOT-FOR-US: pWins CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...) TODO: check CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
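Review bot: In the hunk at @@ -72,12 +72,12 @@, CVE-2007-5421 is listed as REJECTED with no description, yet its "TODO: check" is replaced by "NOT-FOR-US: Cisco". Nothing in the visible entry ties the id to Cisco, so a later reader cannot verify the tag from the list. Either add a NOTE giving the source of that attribution or leave the REJECTED entry without a product tag.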
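Review bot: In the hunk at @@ -91,22 +91,23 @@, the NOTE added under CVE-2007-5415 says the PoC URLs could not be reproduced "in unstable version" but does not record which iceweasel version was tested. That wording goes stale as soon as unstable moves on, so put the tested version number in the NOTE. Keeping "TODO: check" alongside it is right while the question is open. In the same hunk, "- iceweasel 2.0+dfsg-1" for CVE-2007-5414 carries no urgency, unlike the "- drupal <unfixed> (medium)" line in the context above it. If that is intentional, fine; otherwise add one.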
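Review bot: In the hunk at @@ -148,7 +149,8 @@, "- gabber 0.8.8-1" for CVE-2003-1352 gives a fixed version with no stated basis, while the gabber2 line next to it explains its status ("No code to send data to update at jabber.org"). The description only names 0.8.7 as affected, so a short NOTE saying how 0.8.8-1 was confirmed as fixed would make the entry checkable.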
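Review bot: In the hunk at @@ -174,9 +176,10 @@, "NOT-FOR-US: libcgi" for CVE-2002-2257 uses the same name as a package the NOTE says Debian does ship, so anyone searching the list for libcgi will hit this entry and has to read the following line to learn it is a different project. Put the distinguishing detail in the tag itself, for example by naming the affected file from the description (cgi_lib.c) or the upstream, and have the NOTE state which package name the shipped libcgi has so the two cannot be confused.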