author | Kees Cook <kees@outflux.net> | 2007-06-28 23:18:08 +0000 |
---|---|---|
committer | Kees Cook <kees@outflux.net> | 2007-06-28 23:18:08 +0000 |
commit | f8ba502facf13ce7daf29010612e66c01db26523 (patch) | |
tree | 5f5658aef5298c575628892dcd4b917eac937b0a | |
parent | 59adf4d4e06b6dc662ac0c88b7297417c48dc899 (diff) |
NFUs: 109
unfixed: firebird2 iceape iceweasel ircii-pana kvirc redhat-cluster sun-java6 tomcat5 tomcat5.5 websvn wordpress xulrunner
fixed: awffull hiki squirrelmail sun-java5
not-affected: iceweasel sudo xscreensaver
removed: firefox mozilla tomcat4
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6074 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2007.list | 289 |
1 files changed, 157 insertions, 132 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 687abd14f8..e691cbf33b 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list 
@@ -1,39 +1,39 @@ CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...) - TODO: check + NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...) - TODO: check + NOT-FOR-US: Papoo CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...) - TODO: check + NOT-FOR-US: eDocStore CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...) - TODO: check + NOT-FOR-US: 6ALBlog CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...) - TODO: check + NOT-FOR-US: 6ALBlog CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...) - TODO: check + NOT-FOR-US: 6ALBlog CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall ...) - TODO: check + NOT-FOR-US: BugMall Shopping Cart CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier ...) - TODO: check + NOT-FOR-US: BugMall Shopping Cart CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username "demo" ...) - TODO: check + NOT-FOR-US: BugMall Shopping Cart CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows ...) - TODO: check + NOT-FOR-US: SJphone CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows ...) - TODO: check + NOT-FOR-US: BlackBerry 7270 CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...) - TODO: check + NOT-FOR-US: BlackBerry 7270 CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...) - TODO: check + NOT-FOR-US: BlackBerry 7270 CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with ...) 
- TODO: check + NOT-FOR-US: Aastra 9112i SIP Phone CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...) - TODO: check + NOT-FOR-US: Snom 320 SIP Phone CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...) - TODO: check + NOT-FOR-US: Snom 320 SIP Phone CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC ...) - TODO: check + NOT-FOR-US: Nortel PC Client SIP Soft Phone CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...) TODO: check CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...) 
@@ -41,53 +41,53 @@ CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...) TODO: check CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Pharmacy System CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and ...) - TODO: check + NOT-FOR-US: Pharmacy System CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml ...) - TODO: check + NOT-FOR-US: Pluxml CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio ...) - TODO: check + NOT-FOR-US: Dagger CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...) - TODO: check + NOT-FOR-US: Simple Invoices CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...) - TODO: check + NOT-FOR-US: e107 CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 ...) - TODO: check + NOT-FOR-US: phpTrafficA CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...) 
- TODO: check + NOT-FOR-US: WebAPP CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: WebAPP CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...) - TODO: check + NOT-FOR-US: phpRaider CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...) - TODO: check + NOT-FOR-US: access2asp CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid ...) - TODO: check + NOT-FOR-US: bosDataGrid CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ...) - TODO: check + NOT-FOR-US: ClickGallery Server CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server ...) - TODO: check + NOT-FOR-US: ClickGallery Server CVE-2007-3410 (Buffer overflow in the wallclock functionality ...) - helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer) CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...) 
@@ -95,33 +95,34 @@ CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to c CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...) TODO: check CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Simple HTTPD CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...) TODO: check CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...) - TODO: check + NOT-FOR-US: Lebisoft zdefter CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...) - TODO: check + NOT-FOR-US: SiteDepth CMS CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...) - TODO: check + NOT-FOR-US: dreamLog CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows ...) - TODO: check + NOT-FOR-US: pagetool CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...) - TODO: check + NOT-FOR-US: B1GBB CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157 ...) TODO: check CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...) - TODO: check + NOT-FOR-US: Power Phlogger CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: LiveWEB CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...) - TODO: check + NOT-FOR-US: KeyFocus CVE-2007-3395 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...) - TODO: check + - hiki 0.8.7-1 (bug #430691; medium) + NOTE: Duplicate of CVE-2007-2836 CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...) 
- TODO: check + NOT-FOR-US: eNdonesia CVE-2007-3388 RESERVED CVE-2007-3387 @@ -151,11 +152,11 @@ CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates . CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...) TODO: check CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver allows ...) - TODO: check + NOT-FOR-US: Lhaca CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...) - TODO: check + - redhat-cluster <unfixed> (medium) CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...) - TODO: check + - redhat-cluster <unfixed> (low) CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...) - wireshark 0.99.6pre1-1 [etch] - wireshark <not-affected> (Only affected 0.99.5) @@ -182,9 +183,9 @@ CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause - avahi <unfixed> (low) [etch] - avahi <no-dsa> (Minor issue, only affects local users) CVE-2007-3371 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Powl CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board ...) - TODO: check + NOT-FOR-US: Sun Board CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with ...) NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 ...) 
@@ -204,7 +205,7 @@ CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the H CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...) NOT-FOR-US: Nortel PC Client SIP Soft Phone CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...) - TODO: check + - ircii-pana <unfixed> (low) CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...) NOT-FOR-US: SerWeb CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...) @@ -218,11 +219,11 @@ CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassif CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...) NOT-FOR-US: NetClassifieds Premium Edition CVE-2007-3353 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: MyEvent CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in ...) NOT-FOR-US: Stephen Ostermiller Contact Form CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...) - TODO: check + NOT-FOR-US: SJPhone SIP CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...) NOT-FOR-US: AIM CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version ...) 
@@ -240,11 +241,11 @@ CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...) NOT-FOR-US: RaidenHTTPD CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...) - TODO: check + NOT-FOR-US: Movable Type CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft ...) NOT-FOR-US: Microsoft CVE-2007-3340 (HTTP SERVER 1.6.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: HTTP Server 1.6.2 CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: ColdFusion CVE-2007-3338 (Multiple buffer stack-based overflows in Ingres database server 2006 ...) @@ -260,7 +261,7 @@ CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Se CVE-2007-3333 RESERVED CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...) - TODO: check + NOT-FOR-US: Satel Lite for PhpNuke CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...) NOT-FOR-US: STphp EasyNews PRO CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 ...) 
@@ -268,13 +269,13 @@ CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4. CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...) TODO: check CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 ...) - TODO: check + NOT-FOR-US: Interact CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: HTTP Server 1.6.2 CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...) NOT-FOR-US: vBulletin CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN ...) - TODO: check + NOT-FOR-US: LAN Management System CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart ...) NOT-FOR-US: Comersus Cart CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in ...) @@ -334,9 +335,9 @@ CVE-2007-3302 CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...) NOT-FOR-US: FuseTalk CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) - TODO: check + NOT-FOR-US: F-Secure CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...) - TODO: check + - awffull 3.7.4final-1 (low) CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...) NOT-FOR-US: Spey CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...) 
@@ -344,35 +345,39 @@ CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...) TODO: check CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...) - TODO: check + NOT-FOR-US: YaBB CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...) TODO: check CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...) - TODO: check + NOT-FOR-US: LiveCMS CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...) - TODO: check + NOT-FOR-US: LiveCMS CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...) - TODO: check + NOT-FOR-US: LiveCMS CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: LiveCMS CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...) - TODO: check + NOT-FOR-US: WiwiMod for XOOPS CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...) - TODO: check + NOT-FOR-US: skeltoac stats plugin for WordPress CVE-2007-3287 RESERVED CVE-2007-3286 RESERVED CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...) - TODO: check + - iceweasel <unfixed> (medium) + - iceape <unfixed> (medium) + - firefox <removed> (medium) + - mozilla <removed> (medium) + - xulrunner <unfixed> (medium) CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...) - TODO: check + - xscreensaver <not-affected> (Not a security issue: works as documented) CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...) 
TODO: check CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...) - TODO: check + NOT-FOR-US: Php Hosting Biller CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...) TODO: check CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...) 
@@ -380,43 +385,43 @@ CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ... CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...) TODO: check CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...) - TODO: check + NOT-FOR-US: localization module for WIKINDX CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ...) - TODO: check + NOT-FOR-US: Site CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...) - TODO: check + NOT-FOR-US: MailWasher Server CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...) TODO: check CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...) - TODO: check + NOT-FOR-US: FuseTalk CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...) - TODO: check + NOT-FOR-US: MiniBB CVE-2007-3271 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: YourFreeScreamer CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...) - TODO: check + NOT-FOR-US: phpMyInventory CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...) - TODO: check + NOT-FOR-US: Papoo Light CVE-2007-3268 RESERVED CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...) - TODO: check + NOT-FOR-US: Fuzzylime Forum CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...) - TODO: check + NOT-FOR-US: WEBIF CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...) 
- TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...) - TODO: check + NOT-FOR-US: dKret CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...) - TODO: check + NOT-FOR-US: HP System Management Homepage CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Calendarix CVE-2007-3258 RESERVED CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...) 
@@ -430,23 +435,23 @@ CVE-2007-3255 CVE-2007-3254 RESERVED CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...) - TODO: check + NOT-FOR-US: Astaro Security Gateway CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: PortalApp CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...) - TODO: check + NOT-FOR-US: e-Vision CMS CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...) - TODO: check + NOT-FOR-US: Elxis CMS CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...) - TODO: check + NOT-FOR-US: Letterman Subscriber CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...) - TODO: check + NOT-FOR-US: IRC Services CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...) - TODO: check + NOT-FOR-US: IRC Services CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...) NOT-FOR-US: bbPress CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...) @@ -460,7 +465,7 @@ CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...) CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...) NOT-FOR-US: AndyBlue theme for WordPress CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...) - TODO: check + - wordpress <unfixed> (low) CVE-2007-3237 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: XOOPS CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...) 
@@ -537,7 +542,7 @@ CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...) NOT-FOR-US: YaBB CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...) - TODO: check + NOT-FOR-US: Novell NetWare CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) @@ -587,11 +592,11 @@ CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ... CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...) NOT-FOR-US: Cisco CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, ...) - TODO: check + NOT-FOR-US: Calendarix CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...) - TODO: check + NOT-FOR-US: Calendarix CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...) - TODO: check + - firebird2 <unfixed> (medium) CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...) NOT-FOR-US: HP CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...) @@ -660,7 +665,7 @@ CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketSha CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...) NOT-FOR-US: Google Desktop CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...) - TODO: check + - sudo <not-affected> (Not linked with krb5) CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...) NOT-FOR-US: Yahoo! Webcam Viewer CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...) 
@@ -704,11 +709,11 @@ CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Li CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...) NOT-FOR-US: OpenWiki CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...) - TODO: check + NOT-FOR-US: Utopia News Pro CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...) - TODO: check + NOT-FOR-US: WSPortal CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...) - TODO: check + NOT-FOR-US: WSPortal CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...) - gimp <unfixed> (unimportant) CVE-2007-3125 @@ -773,7 +778,7 @@ CVE-2007-3103 CVE-2007-3102 RESERVED CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...) - TODO: check + NOT-FOR-US: Apache MyFaces Tomahawk CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...) {DSA-1314-1} - open-iscsi 2.0.865-1 (low; bug #429225) @@ -797,9 +802,17 @@ CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof th CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...) - TODO: check + - iceweasel <unfixed> (medium) + - iceape <unfixed> (medium) + - firefox <removed> (medium) + - mozilla <removed> (medium) + - xulrunner <unfixed> (medium) CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...) - TODO: check + - iceweasel <unfixed> (low) + - iceape <unfixed> (low) + - firefox <removed> (low) + - mozilla <removed> (low) + - xulrunner <unfixed> (low) CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...) NOT-FOR-US: Comicsense CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...) 
@@ -829,11 +842,16 @@ CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...) - TODO: check + - iceweasel <unfixed> (low) + - iceape <unfixed> (low) + - firefox <removed> (low) + - mozilla <removed> (low) + - xulrunner <unfixed> (low) CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...) TODO: check CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...) - TODO: check + - iceweasel <not-affected> + NOTE: Windows only CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...) NOT-FOR-US: eSellerate CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...) @@ -865,7 +883,7 @@ CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish We CVE-2007-3057 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: XOOPS CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...) - TODO: check + - websvn <unfixed> (low) CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...) NOT-FOR-US: Codelib Linker CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...) 
@@ -969,9 +987,11 @@ CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...) NOT-FOR-US: Acoustica MP3 CD Burner CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...) - TODO: check + - sun-java5 1.5.0-11-1 (low) + - sun-java6 <unfixed> (low) CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...) - TODO: check + - sun-java5 1.5.0-11-1 (medium) + - sun-java6 <unfixed> (medium) CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...) NOT-FOR-US: myBloggie CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...) @@ -1084,7 +1104,7 @@ CVE-2007-2953 CVE-2007-2952 RESERVED CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...) - TODO: check + - kvirc <unfixed> (medium) CVE-2007-2950 RESERVED CVE-2007-2949 @@ -1355,7 +1375,7 @@ CVE-2007-2838 RESERVED CVE-2007-2837 RESERVED -CVE-2007-2836 [hiki file delition vulnerability] +CVE-2007-2836 [hiki file deletion vulnerability] RESERVED - hiki 0.8.7-1 (bug #430691; medium) CVE-2007-2835 @@ -1809,7 +1829,8 @@ CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allo CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...) NOT-FOR-US: phpMUR CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...) - TODO: check + - squirrelmail 2:1.4.10a-1 (low) + NOTE: this is likely a duplicate of CVE-2007-2589 CVE-2007-2630 (Incomplete blacklist vulnerability in ...) NOT-FOR-US: ActiveCampaign products CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...) 
@@ -1859,7 +1880,7 @@ CVE-2007-2608 (PHP remote file inclusion vulnerability in ...) CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...) NOT-FOR-US: LaVague CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...) - TODO: check + - firebird2 <unfixed> (low) CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...) NOT-FOR-US: Brujula Toolbar CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...) @@ -2034,7 +2055,7 @@ CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA .. CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! 2.2.6 ...) NOT-FOR-US: E-GADS! CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...) - TODO: check + NOT-FOR-US: MyNews CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...) TODO: check CVE-2007-2518 @@ -2188,9 +2209,13 @@ CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE- - linux-2.6 2.6.21-3 [etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20) CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...) - TODO: check + - tomcat4 <removed> (low) + - tomcat5 <unfixed> (low) + - tomcat5.5 <unfixed> (low) CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...) - TODO: check + - tomcat4 <removed> (low) + - tomcat5 <unfixed> (low) + - tomcat5.5 <unfixed> (low) CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the "partial ...) - subversion 1.4.4dfsg1-1 (bug #428194; low) CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...) 
@@ -2312,7 +2337,7 @@ CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, . CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an ...) TODO: check CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2007-2397 RESERVED CVE-2007-2396 |
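Review bot: in the @@ -95,33 +95,34 @@ hunk, CVE-2007-3398 is tagged `NOT-FOR-US: LiveWEB`, but the description on the line above it names the product LiteWEB 2.7. The tag should read `NOT-FOR-US: LiteWEB`, otherwise a search of the list for the product name misses this entry.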
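Review bot: in the @@ -218,11 +219,11 @@ hunk, CVE-2007-3351 is tagged `NOT-FOR-US: SJPhone SIP`, while the first hunk tags CVE-2007-3445 as `NOT-FOR-US: SJphone`; both descriptions refer to release 1.60.303c of the same soft phone. Using one spelling for both entries keeps the NOT-FOR-US tags greppable per product.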
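Review bot: in the @@ -380,43 +385,43 @@ hunk, CVE-2007-3276 is tagged `NOT-FOR-US: Site`, while the description names the product Site@School. The name appears to have been cut at the `@`; write it out in full so the tag identifies the product.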
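Review bot: in the @@ -460,7 +465,7 @@ hunk, CVE-2007-3238 is marked `- wordpress <unfixed> (low)`, but the visible description stops at "functions.php in the ..." and the neighbouring entry CVE-2007-3239, with the same shape of description, is tagged `NOT-FOR-US: AndyBlue theme for WordPress`. A NOTE line naming the affected component and stating that it ships in the wordpress package would let a reader verify why this one is tracked against the package rather than dismissed like the theme entry.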
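Review bot: in the @@ -829,11 +842,16 @@ hunk, CVE-2007-3072 records only `- iceweasel <not-affected>` with the reason in a separate `NOTE: Windows only`, which differs from the rest of this patch in two ways. The other Firefox entries (CVE-2007-3074 in the same hunk) list iceweasel, iceape, firefox, mozilla and xulrunner, and other not-affected entries carry the reason in parentheses on the package line, as in `- sudo <not-affected> (Not linked with krb5)`. Either list the remaining packages with the same status or say why only iceweasel applies, and move the reason inline. CVE-2007-3073 between the two is also a Firefox directory traversal and is left at `TODO: check`.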
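Review bot: in the @@ -1809,7 +1829,8 @@ hunk, CVE-2007-2631 is given a fixed version, `- squirrelmail 2:1.4.10a-1 (low)`, while the accompanying NOTE only says it is "likely a duplicate of CVE-2007-2589". A fixed-version entry removes the issue from the open list, so it should rest on more than a probable duplicate: record what confirms the fix in 2:1.4.10a-1 (changelog entry or bug number) in the NOTE, or keep the entry open until the duplicate relationship is confirmed.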