Author: nion
Date: 2008-02-26 18:13:00 +0000 (Tue, 26 Feb 2008)
New Revision: 8226

Modified:
   data/CVE/list
Log:
NFUs, cleaning trailing whitespaces
new issue: cupsys (CVE-2008-0882)

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-02-26 17:44:34 UTC (rev 8225)
+++ data/CVE/list 2008-02-26 18:13:00 UTC (rev 8226)
@@ -121,61 +121,61 @@ CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...) NOT-FOR-US: Manuales module for PHP-Nuke CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...) - TODO: check + NOT-FOR-US: beContent CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...) - TODO: check + NOT-FOR-US: OSSIM CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...) - TODO: check + NOT-FOR-US: OSSIM CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...) - TODO: check + NOT-FOR-US: astatsPRO component for Joomla! CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...) - TODO: check + NOT-FOR-US: TorWorld software CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...) - TODO: check + NOT-FOR-US: com_hwdvideoshare component for Joomla! CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...) - TODO: check + NOT-FOR-US: IPdiva SSL VPN Server CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...) - TODO: check + NOT-FOR-US: IPdiva SSL VPN Server CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...) - TODO: check + NOT-FOR-US: Sybase MobiLink CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...) - TODO: check + NOT-FOR-US: iScripts MultiCart CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...) - TODO: check + NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...) 
- TODO: check + NOT-FOR-US: Schoolwires Academic Portal CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...) - TODO: check + NOT-FOR-US: Schoolwires Academic Portal CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...) - TODO: check + NOT-FOR-US: Inhalt module for PHP-Nuke CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...) - TODO: check + NOT-FOR-US: Docum module for PHP-Nuke CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...) - TODO: check + NOT-FOR-US: Globsy CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...) - TODO: check + NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express proxy plugin CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...) 
- TODO: check + NOT-FOR-US: BEA WebLogic Portal CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...) - TODO: check + NOT-FOR-US: BEA WebLogic Server and Express CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-0893 RESERVED CVE-2008-0892 @@ -197,7 +197,7 @@ CVE-2008-0884 RESERVED CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...) - TODO: check + - cupsys <unfixed> (medium; bug #467653) CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...) TODO: check CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...) @@ -1458,7 +1458,7 @@ CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...) NOT-FOR-US: Aria ERP (not the aria we ship) CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...) - NOT-FOR-US: Funkwerk + NOT-FOR-US: Funkwerk CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote ...) NOT-FOR-US: Radiator CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...) @@ -2809,9 +2809,9 @@ CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...) NOT-FOR-US: Gadu-Gadu client CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...) - NOT-FOR-US: IBM Tivoli Provisioning Manager Express + NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...) - NOT-FOR-US: IBM Tivoli Provisioning Manager Express + NOT-FOR-US: IBM Tivoli Provisioning Manager Express CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...) NOT-FOR-US: CA eTrust Threat Management Console CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...) 
@@ -3304,7 +3304,7 @@ - pulseaudio 0.9.9-1 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...) {DSA-1504-1 DSA-1503-1} - - linux-2.6 <unfixed> + - linux-2.6 <unfixed> CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...) {DSA-1466-2 DTSA-110-1} - xorg-server 2:1.4.1~git20080105-2 @@ -3393,7 +3393,7 @@ CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...) NOT-FOR-US: TuMusika Evolution CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...) - NOT-FOR-US: PHP Content Architect + NOT-FOR-US: PHP Content Architect CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...) NOT-FOR-US: PHPDevShell CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...) @@ -3519,8 +3519,8 @@ NOTE: 0.2.3-6 adds a security note about this script CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...) - gnump3d 3.0-1 (medium) - [sarge] - gnump3d <not-affected> (Vulnerable code not present) - [etch] - gnump3d <not-affected> (Vulnerable code not present) + [sarge] - gnump3d <not-affected> (Vulnerable code not present) + [etch] - gnump3d <not-affected> (Vulnerable code not present) CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...) NOT-FOR-US: Amber script CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...) @@ -3602,7 +3602,7 @@ CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...) NOT-FOR-US: IceBB CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in ...) - NOT-FOR-US: Sciurus Hosting Panel + NOT-FOR-US: Sciurus Hosting Panel CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...) NOT-FOR-US: Windows CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the ...) 
@@ -3657,7 +3657,7 @@ CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...) NOT-FOR-US: ProfileCMS CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm ...) - NOT-FOR-US: datecomm Social Networking Script + NOT-FOR-US: datecomm Social Networking Script CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...) NOT-FOR-US: Aida-Web CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...) @@ -4420,7 +4420,7 @@ CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial ...) NOT-FOR-US: Grandstream HT-488 CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...) - NOT-FOR-US: Grandstream HT-488 + NOT-FOR-US: Grandstream HT-488 CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...) NOT-FOR-US: Micro Login System CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 ...) @@ -5992,7 +5992,7 @@ {DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1} - poppler 0.6.2-1 (medium; bug #450628) - kdegraphics 4:3.5.8-2 (medium; bug #450630) - [etch] - kdegraphics <not-affected> (Vulnerable code not used) + [etch] - kdegraphics <not-affected> (Vulnerable code not used) - xpdf 3.02-1.3 (medium; bug #450629) - koffice 1:1.6.3-4 (medium; bug #450631) - libextractor 0.5.9-1 @@ -6123,7 +6123,7 @@ NOT-FOR-US: Pindorama CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...) {DSA-1403-1} - - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451) + - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451) [sarge] - phpmyadmin <not-affected> (vulnerable script not present) CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router 
@@ -7150,7 +7150,7 @@ NOTE: Can be fixed in a point update CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) - sun-java6-jre <unfixed> (unimportant) - - sun-java5-jre <unfixed> (unimportant) + - sun-java5-jre <unfixed> (unimportant) NOTE: exploiting this would not work under Linux CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...) NOT-FOR-US: Pegasus Mail Mercury @@ -7581,7 +7581,7 @@ NOTE: MFSA2007-36 NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - - glibc 2.7-1 (unimportant) + - glibc 2.7-1 (unimportant) NOTE: Original PHP issue only triggerable by malicious script CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere 
@@ -7980,27 +7980,27 @@ CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) - php5 <unfixed> (unimportant) NOTE: open_basedir not supported 
@@ -8170,7 +8170,7 @@ CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...) NOT-FOR-US: IBM CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) - NOT-FOR-US: SunShop Shopping Cart + NOT-FOR-US: SunShop Shopping Cart CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...) - php5 <unfixed> (unimportant) NOTE: Safe mode violations not treated as vulnerabilities @@ -8765,7 +8765,7 @@ {DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1} - poppler 0.6.2-1 (medium; bug #450628) - kdegraphics 4:3.5.8-2 (medium; bug #450630) - [etch] - kdegraphics <not-affected> (Vulnerable code not used) + [etch] - kdegraphics <not-affected> (Vulnerable code not used) - xpdf 3.02-1.3 (medium; bug #450629) - koffice 1:1.6.3-4 (medium; bug #450631) - libextractor 0.5.9-1 
@@ -10136,19 +10136,19 @@ [etch] - kdebase <no-dsa> (Minor issue) NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2 CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...) - NOT-FOR-US: Safari + NOT-FOR-US: Safari CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...) - NOT-FOR-US: Aplle iPhone + NOT-FOR-US: Aplle iPhone CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...) NOT-FOR-US: Aplle iPhone CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...) @@ -10353,7 +10353,7 @@ CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...) NOT-FOR-US: IBM DB2 CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...) - NOT-FOR-US: Kaspersky Online Scanner + NOT-FOR-US: Kaspersky Online Scanner CVE-2007-3674 RESERVED CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...) 
@@ -10672,7 +10672,7 @@ CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) [etch] - firebird2 <unfixed> - [sarge] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...) NOT-FOR-US: Buddy Zone CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...) @@ -10944,7 +10944,7 @@ CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...) NOT-FOR-US: AOL Instant Messenger CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...) - NOT-FOR-US: Microsoft + NOT-FOR-US: Microsoft CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...) NOT-FOR-US: BarCodeAx.dll CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...) @@ -11608,7 +11608,7 @@ - moin 1.5.8-4.1 (unimportant; bug #429205) - knowledgeroot 0.9.8.2-2 (unimportant; bug #429204) - karrigell <unfixed> (unimportant; bug #429207) - NOTE: This is only exploitable on NTFS filesystems + NOTE: This is only exploitable on NTFS filesystems NOTE: Given the state of Linux'' NTFS support it seems highly unlikely NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based NOTE: web server with NTFS @@ -12223,7 +12223,7 @@ CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...) NOT-FOR-US: Sun Java System Messaging Server CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...) - NOT-FOR-US: Microsoft Office ActiveX control + NOT-FOR-US: Microsoft Office ActiveX control CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...) NOT-FOR-US: Dokeos CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...) 
@@ -12736,21 +12736,21 @@ CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...) NOT-FOR-US: BEA WebLogic Portal CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...) - NOT-FOR-US: BEA WebLogic + NOT-FOR-US: BEA WebLogic CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...) - mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected) [sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected) 
@@ -12917,7 +12917,7 @@ CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...) NOT-FOR-US: Thyme Calendar CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...) - NOT-FOR-US: Jakub Steiner (aka jimmac) original + NOT-FOR-US: Jakub Steiner (aka jimmac) original CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...) NOT-FOR-US: Symantec pcAnywhere CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...) @@ -13307,7 +13307,7 @@ - tomcat4 <removed> (low) - tomcat5 <unfixed> (low) - tomcat5.5 5.5.25-1 (low) - [sarge] - tomcat4 <no-dsa> (Contrib not supported) + [sarge] - tomcat4 <no-dsa> (Contrib not supported) CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...) - tomcat4 <removed> (unimportant) - tomcat5 <removed> (unimportant) @@ -13350,7 +13350,7 @@ CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...) - xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936) NOTE: etch vulnerable (patch below applies) - NOTE: git url to fix the issue + NOTE: git url to fix the issue NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9 NOTE: Not considered a security problem, only exploitable by authenticated users NOTE: If an attacker convinces such a user to run his exploit code blindly she could 
@@ -13473,7 +13473,7 @@ NOTE: only be considered vunerabile if they process confidential data. NOTE: The frameworks should be fixed in any case. CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...) - TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress + TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf NOTE: This allows to steal data from affected websites. Therefore web applications should NOTE: only be considered vunerabile if they process confidential data. @@ -15939,7 +15939,7 @@ - libapache-mod-security <removed> CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...) - tomcat4 <removed> (low) - [sarge] - tomcat4 <no-dsa> (Contrib not supported) + [sarge] - tomcat4 <no-dsa> (Contrib not supported) CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...) {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 @@ -18043,7 +18043,7 @@ NOT-FOR-US: WS_FTP Server CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...) - thttpd <not-affected> (Gentoo-specific packaging flaw) - NOTE: In accordance with Debian Policy is not possible start Webserver + NOTE: In accordance with Debian Policy is not possible start Webserver NOTE: in root directory (/). CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...) NOT-FOR-US: Eclectic Designs CascadianFAQ 
@@ -18089,7 +18089,7 @@ CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...) NOT-FOR-US: Apple Safari CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...) - NOT-FOR-US: Bloodshed Dev-C++ + NOT-FOR-US: Bloodshed Dev-C++ CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...) NOT-FOR-US: Raymond BERTHOU script collection CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...) @@ -18122,7 +18122,7 @@ CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...) NOT-FOR-US: xNews CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...) - NOT-FOR-US: Plain Black WebGUI + NOT-FOR-US: Plain Black WebGUI CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Access Manager CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...) @@ -18482,7 +18482,7 @@ CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...) NOT-FOR-US: Cisco CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...) - NOT-FOR-US: WebRoot Spy Sweeper + NOT-FOR-US: WebRoot Spy Sweeper CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...) - bbclone 0.4.6-8 (bug #408839; medium) CVE-2007-XXXX [hinfo code injection] @@ -19467,7 +19467,7 @@ CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...) NOT-FOR-US: Simple Web Content Management System CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...) - NOT-FOR-US: E-SMARTCART + NOT-FOR-US: E-SMARTCART CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...) NOT-FOR-US: newsCMSlite CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
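Review bot: in the @@ -121,61 hunk the NOT-FOR-US tag for CVE-2008-0910 lists the products without the vendor ("Internet Security, Anti-Virus, F-Secure Protection Service"), which reads as three unrelated products and will not be found by a later search for the vendor; the description says "Multiple F-Secure anti-virus products", so a tag along the lines of `NOT-FOR-US: F-Secure products` is clearer. The same hunk tags CVE-2008-0917 as "TorWorld software" while the description names "Tor World Tor Search"; use the product name from the description for consistency with the other entries.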
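Review bot: the new `- cupsys <unfixed> (medium; bug #467653)` line for CVE-2008-0882 in the @@ -197,7 hunk carries no release annotation, so the stable releases are implicitly treated as affected by the double free in process_browse_data; the other entries in this patch use explicit `[etch]`/`[sarge]` lines, so either add one once the browsing code in the stable cupsys has been checked, or leave a TODO so the follow-up is not lost. The same hunk leaves CVE-2008-0881 and CVE-2008-0880 at `TODO: check` although they are third-party web-application module issues of the same kind that the first hunk resolves as NOT-FOR-US; they could be triaged in the same pass.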
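Review bot: from the @@ -1458,7 hunk onward the patch consists almost entirely of trailing-whitespace removal interleaved with the one substantive change (the cupsys entry for CVE-2008-0882); committing the whitespace cleanup separately would keep the triage change reviewable on its own and would keep `svn blame` on those lines pointing at the triage decision rather than at a cleanup.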
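Review bot: in the @@ -10136,19 hunk the CVE-2007-3755 line is rewritten for whitespace only and keeps the typo "Aplle iPhone", and the following context line for CVE-2007-3754 carries the same typo; since the line is being touched anyway, change both to "NOT-FOR-US: Apple iPhone".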
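Review bot: in the @@ -11608,7 hunk the context line "NOTE: Given the state of Linux'' NTFS support" has a doubled apostrophe; the adjacent NOTE line is already being changed, so correct it to "Linux's" in the same commit.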
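Review bot: the @@ -13473,7 hunk only strips whitespace from the CVE-2007-2383 `TODO: check` line, so the package list (glpi, hobix, knowledgeroot, libbio-ruby1.8, mt-daapd, op-panel, poker-web, python-webhelpers, qwik, rails, wordpress) remains unchecked; either resolve the TODO or leave the line untouched so the diff shows only real changes. The surrounding NOTE lines, which repeat the text of the preceding entry, also spell "vunerabile" twice and should read "vulnerable".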
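Review bot: the CVE-2007-0664 NOTE line touched in the @@ -18043,7 hunk is ungrammatical ("In accordance with Debian Policy is not possible start Webserver"); since the line is being rewritten anyway, reword it to something like "NOTE: In accordance with Debian Policy it is not possible to start the webserver" followed by the existing "NOTE: in root directory (/)." line.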