Author: keescook-guest
Date: 2007-02-01 21:14:24 +0100 (Thu, 01 Feb 2007)
New Revision: 5397
Modified:
data/CVE/list
Log:
NFSs, assigned CVE for chmlib, opened mpg123 bug, fixed up a typo
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-01 10:44:18 UTC (rev 5396)
+++ data/CVE/list 2007-02-01 20:14:24 UTC (rev 5397)
@@ -1,51 +1,51 @@
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE
1.3a and ...)
- TODO: check
+ NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs
...)
- TODO: check
+ NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv
function in ...)
- TODO: check
+ NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8
does not ...)
- TODO: check
+ NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Cross-site scripting (XSS) vulnerability in Sun Java System
Access ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password
...)
- TODO: check
+ NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in
Drupal ...)
TODO: check
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not
...)
- TODO: check
+ NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to
obtain the ...)
- TODO: check
+ NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76
allows ...)
- TODO: check
+ NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka
...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-0621 (Unspecified vulnerability in Microsoft Word 2003 has unknown
impact ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to
execute ...)
- TODO: check
+ - chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd,
and (4) ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is
marked ...)
- TODO: check
+ NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php
in ...)
- TODO: check
+ NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition
...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003,
and ...)
- TODO: check
+ NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN
...)
- TODO: check
+ NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform
feature in ...)
- TODO: check
+ NOT-FOR-US: CMSimple
CVE-2007-0609
RESERVED
CVE-2007-0608
@@ -57,101 +57,101 @@
CVE-2007-0605
RESERVED
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT)
before ...)
- TODO: check
+ NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects
received over ...)
- TODO: check
+ NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend
Micro ...)
- TODO: check
+ NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers
to enter ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde
...)
- TODO: check
+ NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek
Forum ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum
4.00 ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in
Aztek ...)
- TODO: check
+ NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in high5 Review script
allows ...)
- TODO: check
+ NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root
with ...)
- TODO: check
+ NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root
with ...)
- TODO: check
+ NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3
allows ...)
- TODO: check
+ NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu
Le An ...)
- TODO: check
+ NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum
Livre ...)
- TODO: check
+ NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by
...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0587
RESERVED
CVE-2007-0586
RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when
register_globals ...)
- TODO: check
+ NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in
membres/membreManager.php ...)
- TODO: check
+ NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP
Commander ...)
- TODO: check
+ NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0
allows ...)
- TODO: check
+ NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in
EclipseBB ...)
- TODO: check
+ NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro
Domus 2.10 ...)
- TODO: check
+ NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde
Groupware ...)
- TODO: check
+ NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64
allows ...)
- TODO: check
+ - mpg123 <unfixed> (bug #409296; low)
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in
...)
- TODO: check
+ NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in
Xt-Stats ...)
- TODO: check
+ NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative
login ...)
- TODO: check
+ NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in
SpoonLabs Vivvo ...)
- TODO: check
+ NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in
includes/config.inc.php in ...)
- TODO: check
+ NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in
include/irc/phpIRC.php in ...)
- TODO: check
+ NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in
include/lib/lib_head.php in ...)
- TODO: check
+ NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in
Johannes ...)
- TODO: check
+ NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows
remote ...)
- TODO: check
+ NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in
system/lib/package.php in ...)
- TODO: check
+ NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
- TODO: check
+ NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3
and ...)
- TODO: check
+ NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows
remote ...)
- TODO: check
+ NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security
(SWS) ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec
Web ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft
Windows XP ...)
- TODO: check
+ NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero
Portal 1.2 ...)
- TODO: check
+ NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and
earlier ...)
- TODO: check
+ NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW
1.0.2 ...)
- TODO: check
+ NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in
modules/mail/main.php in ...)
- TODO: check
+ NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP)
feature ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains
the ...)
NOT-FOR-US: rPath
CVE-2007-0556
@@ -179,7 +179,7 @@
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the
web root ...)
NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB
(aka ...)
- NOT-FOR-US: MyBulletinBoard)
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under
the web ...)
NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe
...)
@@ -357,8 +357,6 @@
- bbclone <unfixed> (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
- hinfo 1.02-3.1 (bug #402316)
-CVE-2007-XXXX [unsafe alloca() call in chmlib]
- - chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3,
9.4.0a1 ...)
{DSA-1254-1}
- bind9 1:9.3.4-2 (medium; bug #408432)
@@ -384,7 +382,7 @@
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the
admin ...)
TODO: check
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime
2.1.0.33 ...)
- TODO: check
+ NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS
X ...)
TODO: check
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork
129.19 ...)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
