Author: nion Date: 2007-10-16 21:43:43 +0000 (Tue, 16 Oct 2007) New Revision: 6990 Modified: data/CVE/list Log: CVE-2007-5471 fixed in libgssapi 0.8-1 new issue: CVE-2007-5469 openser NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-16 21:19:01 UTC (rev 6989) +++ data/CVE/list 2007-10-16 21:43:43 UTC (rev 6990) @@ -1,25 +1,26 @@ CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...) - TODO: check + - libgssapi 0.8-1 CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...) - TODO: check + NOT-FOR-US: Microsoft Expression Media CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...) - TODO: check + - openser <unfixed> (low) + NOTE: should be only "exploitable" in local network with untrusted users CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-5467 (Unspecified vulnerability in eXtremail 2.1.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: eXtremail CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...) - TODO: check + NOT-FOR-US: eXtremail CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...) - TODO: check + NOT-FOR-US: doop CMS CVE-2007-5464 (Buffer overflow in Live for Speed 0.5X10 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Live for Speed CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...) - TODO: check + NOT-FOR-US: ViArt Shop CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library ...) - TODO: check + NOT-FOR-US: Solaris CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak ...) - TODO: check + NOT-FOR-US: Microsoft ActiveSync CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...) NOT-FOR-US: MouseoverDictionary CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)