Author: nion Date: 2007-10-16 22:24:05 +0000 (Tue, 16 Oct 2007) New Revision: 6991 Modified: data/CVE/list Log: CVE-2002-2255 fixed in phpbb2 2.0.13-6sarge3 CVE-2002-2254 linux-2.4 removed CVE-2002-2253 libsieve not-affected NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-16 21:43:43 UTC (rev 6990) +++ data/CVE/list 2007-10-16 22:24:05 UTC (rev 6991) @@ -3,7 +3,7 @@ CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...) NOT-FOR-US: Microsoft Expression Media CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...) - - openser <unfixed> (low) + - openser <unfixed> (low; bug #446956) NOTE: should be only "exploitable" in local network with untrusted users CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...) NOT-FOR-US: Cisco 
@@ -204,61 +204,63 @@ CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...) NOT-FOR-US: pWins CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...) - TODO: check + - phpbb2 2.0.13-6sarge3 + NOTE: might be fixed in prior versions CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...) - TODO: check + - linux-2.4 <removed> CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...) - TODO: check + - libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded) CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...) - TODO: check + NOT-FOR-US: Thatware CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...) - TODO: check + NOT-FOR-US: Marcos Luiz Onisto CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...) - TODO: check + NOT-FOR-US: Sybase CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...) - TODO: check + NOT-FOR-US: News Evolution CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...) - TODO: check + NOT-FOR-US: Netscape CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...) - TODO: check + NOT-FOR-US: Mambo + NOTE: mambo is in experimental CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...) - TODO: check + NOT-FOR-US: VisNetic Website CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...) - TODO: check + NOT-FOR-US: NetBSD ftpd CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...) - TODO: check + NOT-FOR-US: Akfingerd CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...) 
- TODO: check + NOT-FOR-US: Akfingerd CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...) - TODO: check + NOT-FOR-US: Apple Package Manager of KisMAC CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...) - TODO: check + NOT-FOR-US: Deerfield VisNetic WebSite CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...) - TODO: check + NOT-FOR-US: MyServer CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...) - TODO: check + NOT-FOR-US: Kunani ODBC FTP Server CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: tftp32 TFTP CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...) - TODO: check + NOT-FOR-US: apt-www-proxy CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...) - TODO: check + NOT-FOR-US: NetScreen ScreenOS CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...) - TODO: check + NOT-FOR-US: Enceladus Server Suite CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...) - TODO: check + NOT-FOR-US: Enceladus Server Suite CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...) - TODO: check + NOT-FOR-US: Ikonboard CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...) - TODO: check + NOT-FOR-US: Ikonboard CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...) - TODO: check + NOT-FOR-US: WebReflex CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...) 
- TODO: check + - mailscanner 4.22.5-1 CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat, under certain ...) TODO: check CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
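Review bot: In the first hunk (CVE-2007-5469, openser), the added `bug #446956` reference is not covered by the Log, which names only the three CVE-2002 entries and the NFUs. Mention the bug link in the log message so it can be found from the revision history.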
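Review bot: In the second hunk, the CVE-2002-2247 entry contradicts itself: it is marked `NOT-FOR-US: Mambo`, while the added `NOTE: mambo is in experimental` says the software is packaged in experimental. Either record it as a package entry or keep it as a TODO until the experimental package has been checked. For CVE-2002-2255, `- phpbb2 2.0.13-6sarge3` is recorded as the fixed version although the note beside it says it `might be fixed in prior versions`; confirm the first fixed version before recording one. The new `- mailscanner 4.22.5-1` entry for CVE-2002-2228 is also not mentioned in the Log.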