author | Salvatore Bonaccorso <carnil@debian.org> | 2017-01-13 13:29:07 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-01-13 13:29:07 +0000 |
commit | 451b3fe2b5f71947ab11c3b363354b946121525d (patch) | |
tree | 55420dc820ec73488040bfaf06c4b6d0fd7f3b92 /data/CVE/2007.list | |
parent | 4a4b06017bb51222fdfccb5c2356ee9539e4f1a0 (diff) |
php5 removed from unstable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47974 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE/2007.list')
-rw-r--r-- | data/CVE/2007.list | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 888180cac3..8a5f4d4938 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -3156,7 +3156,7 @@ CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire Acti NOT-FOR-US: ActiveKB NX CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: if the function is blacklisted but not its alias it is a configuration NOTE: issue of the site not a vulnerability in php CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...) @@ -4465,7 +4465,7 @@ CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...) NOT-FOR-US: Microsoft Visual Studio CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: basedir and safemode not supported CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) NOT-FOR-US: Xwiki @@ -5177,7 +5177,7 @@ CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" f CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) NOT-FOR-US: SunShop Shopping Cart CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Safe mode violations not treated as vulnerabilities CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...) NOT-FOR-US: Mayaa 
@@ -5975,7 +5975,7 @@ CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...) NOT-FOR-US: YNP Portal System CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) - php4 <removed> (unimportant) NOTE: Only exploitable by malicious script CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...) @@ -8241,7 +8241,7 @@ CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...) CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...) NOT-FOR-US: YaBB CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only exploitable by malicious script CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...) NOT-FOR-US: LiveCMS @@ -8453,7 +8453,7 @@ CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: That's by design CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) NOTE: This is an jffnms ID, which has been wrongly reported by an external party, @@ -11550,7 +11550,7 @@ CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW func NOT-FOR-US: Akamai CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: local code execution only, possibly only on FreeBSD CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...) {DSA-1283-1 DTSA-39-1} 
@@ -11573,7 +11573,7 @@ CVE-2007-1884 (Multiple integer signedness errors in the printf function family NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9 CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...) NOT-FOR-US: HP Mercury Quality Center @@ -11693,7 +11693,7 @@ CVE-2007-1836 (The command line administration interface in Data Domain OS befor NOT-FOR-US: Data Domain OS CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...) NOT-FOR-US: Cisco @@ -11984,7 +11984,7 @@ CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4. NOTE: register_globals not supported CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Safe mode violations not supported, insufficient measure CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...) NOT-FOR-US: PECL phpDOC 
@@ -12292,11 +12292,11 @@ CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 th - php5 5.2.0-11 (medium) - php4 <removed> (medium) CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) - php4 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...) NOT-FOR-US: FTPDMIN @@ -12698,7 +12698,7 @@ CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...) - php4 <not-affected> (cpdf extension not enabled in binary build) @@ -14994,7 +14994,7 @@ CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomca CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...) NOT-FOR-US: CA BrightStor CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...) NOT-FOR-US: Symantec |
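Review bot: The commit message gives the reason for the status flip ("php5 removed from unstable") but does not say whether these entries were checked against any PHP source package that remains in unstable. After the hunk at @@ -3156, CVE-2007-5424 carries only `- php4 <removed> (unimportant)` and `- php5 <removed> (unimportant)`, so the entry no longer names a package that is still in the archive, and the same holds for the other 13 changed lines. The NOTE rationales on these entries ("That's by design", "open_basedir bypasses not supported", "Only triggerable by malicious script") read as triage policy rather than version-specific findings, so one sentence in the commit message stating that no successor entry is needed for that reason would make the change self-explanatory.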
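Review bot: Style point on the hunk at @@ -4465: the NOTE under CVE-2007-4889 reads "basedir and safemode not supported", while the same rationale is worded "open_basedir bypasses not supported" under CVE-2007-1835 and CVE-2007-0448, and the safe mode case is worded two further ways ("Safe mode violations not treated as vulnerabilities" under CVE-2007-4596, "Safe mode violations not supported, insufficient measure" under CVE-2007-1710). These are unchanged context lines, so leaving them alone in this commit is fine, but a follow-up that settles on one wording per rationale would make the entries easier to grep.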
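Review bot: Style point on the hunk at @@ -12292: CVE-2007-1582 lists `- php5` before `- php4`, as does CVE-2007-4255 in the hunk at @@ -5975, whereas the other entries touched here that carry both packages (CVE-2007-5424, CVE-2007-3205, CVE-2007-1890, CVE-2007-1883, CVE-2007-1835, CVE-2007-1710, CVE-2007-1413) put php4 first. Keeping the existing order is the right call for a mechanical `<unfixed>` to `<removed>` change, since it keeps the diff to one line per entry; if the ordering is normalised, do it in a separate commit so it does not hide status changes.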