Author: enerv-guest
Date: 2007-01-30 14:15:15 +0100 (Tue, 30 Jan 2007)
New Revision: 5387

Modified:
   data/CVE/list
Log:
some NFUs and issues.



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-01-30 11:33:39 UTC (rev 5386)
+++ data/CVE/list       2007-01-30 13:15:15 UTC (rev 5387)
@@ -31,11 +31,11 @@
 CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe 
...)
        TODO: check
 CVE-2007-0541 (WordPress allows remote attackers to determine the existence of 
...)
-       TODO: check
+       - wordpress 2.1.0-1 (low)
 CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service 
...)
-       TODO: check
+       - wordpress 2.1.0-1 (low)
 CVE-2007-0539 (WordPress before 2.1 allows remote attackers to cause a denial 
of ...)
-       TODO: check
+       - wordpress 2.1.0-1 (low)
 CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote 
attackers to ...)
        TODO: check
 CVE-2007-0537 (Konqueror 3.5.5 does not properly parse HTML comments, which 
allows ...)
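Review bot: CVE-2007-0541 and CVE-2007-0540 are marked fixed in wordpress 2.1.0-1, but their visible descriptions read only "WordPress allows remote attackers to ..." with no version bound, unlike CVE-2007-0539, which says "WordPress before 2.1". A NOTE line under those two entries stating what the 2.1.0-1 fixed version is based on would let the next person triaging this list verify the claim without re-deriving it.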
@@ -65,13 +65,13 @@
 CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web 
server ...)
        TODO: check
 CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: LG
 CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial 
of ...)
-       TODO: check
+       NOT-FOR-US: Nokia
 CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause 
a ...)
-       TODO: check
+       NOT-FOR-US: Motorola
 CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Sony Ericsson
 CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 
1.x ...)
        TODO: check
 CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB 
U2U ...)
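Review bot: The four phone entries (CVE-2007-0524 through CVE-2007-0521) are tagged with the vendor only ("NOT-FOR-US: LG", "NOT-FOR-US: Nokia", and so on), while the descriptions name specific handsets and other entries in this same commit name the product ("NOT-FOR-US: Apple Safari", "NOT-FOR-US: WebRoot Spy Sweeper"). Naming the product here as well, for example "NOT-FOR-US: LG Chocolate KG800 phone", would keep the labels consistent and make it clear that the decision covers phone firmware rather than everything from that vendor.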
@@ -125,35 +125,35 @@
 CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in 
webSPELL ...)
        TODO: check
 CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky 
GUNNING ...)
-       TODO: check
+       NOT-FOR-US: MySpeach
 CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to 
obtain ...)
-       TODO: check
+       NOT-FOR-US: Open-Realty
 CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
        TODO: check
 CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware 
on the ...)
        TODO: check
 CVE-2007-0487 (PHP remote file inclusion vulnerability in index.php in 
FreeForum ...)
-       TODO: check
+       NOT-FOR-US: FreeForum
 CVE-2007-0486 (Multiple PHP remote file inclusion vulnerabilities in Openads 
(aka ...)
-       TODO: check
+       NOT-FOR-US: Openads
 CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in 
WebChat 0.77 ...)
        TODO: check
 CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: ReviewPost
 CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in 
Enthusiast 3.1 ...)
-       TODO: check
+       NOT-FOR-US: ReviewPost
 CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 
20070123 ...)
-       TODO: check
+       NOT-FOR-US: Sun
 CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service 
(crash) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, 
and 3.2.x ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, 
and 12.x ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
 CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads before 
2.3.31 (aka ...)
-       TODO: check
+       NOT-FOR-US: Openads
 CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 
2.1.30-r10, ...)
        TODO: check
 CVE-2007-0475
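Review bot: CVE-2007-0484 and CVE-2007-0483 are both described as vulnerabilities in "Enthusiast 3.1" but are tagged "NOT-FOR-US: ReviewPost", so the label does not match the product named in the visible description. Please confirm which product is meant and either use the name from the description or add a NOTE explaining the relationship. A smaller point of the same kind: "MySpeach" on CVE-2007-0491 does not appear in the truncated description ("... in up.php in Sky GUNNING ..."), so it is worth double-checking that the label matches the full text.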
@@ -165,37 +165,38 @@
 CVE-2007-0472
        RESERVED
 CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 
...)
-       TODO: check
+       - dokuwiki 0.0.20061106-1 (low)
 CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user 
password ...)
-       TODO: check
+       NOT-FOR-US: MailEnable
 CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo 
LMS 3.0.3 ...)
-       TODO: check
+       NOT-FOR-US: Docebo
 CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: RS Gallery2
 CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware 
based on ...)
-       TODO: check
+       NOT-FOR-US: WebRoot Spy Sweeper
 CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: WebRoot Spy Sweeper
 CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to 
bypass the ...)
-       TODO: check
+       NOT-FOR-US: WebRoot Spy Sweeper
 CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in 
phpBlueDragon ...)
-       TODO: check
+       NOT-FOR-US: phpBlueDragon CMS
 CVE-2006-6957 (PHP remote file inclusion vulnerability in 
addons/mod_media/body.php ...)
-       TODO: check
+       NOT-FOR-US: Docebo
 CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a 
denial ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
-       TODO: check
+       NOT-FOR-US: Opera
 CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of 
service ...)
-       TODO: check
+       TODO: check iceweasel
+       NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
 CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility 
Manager ...)
-       TODO: check
+       NOT-FOR-US: GlobeTrotter Mobility Manager
 CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) 
drivers ...)
-       TODO: check
+       NOT-FOR-US: Computer Associates (CA)
 CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart 
Manager ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in 
WebRoot Spy ...)
-       TODO: check
+       NOT-FOR-US: WebRoot Spy Sweeper 
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php 
in ...)
        - bbclone <unfixed> (bug #408839; medium)
 CVE-2007-XXXX [hinfo code injection]
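Review bot: For CVE-2006-6954 the added NOTE records that the proof of concept crashes iceweasel 2.0.0.1, yet the entry is left as "TODO: check iceweasel" with no package line, so the tracker will not show iceweasel as affected. If the crash is confirmed, replace the TODO with an unfixed package line for iceweasel in the same form as the bbclone entry at the end of this hunk, including a severity and a bug number once one is filed. Two minor points: the NOTE should read "it crashes", and the added line "NOT-FOR-US: WebRoot Spy Sweeper " for CVE-2004-2676 carries a trailing space that the other WebRoot Spy Sweeper entries do not.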


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
