thomasbl-guest at alioth.debian.org
2008-Aug-14 18:36 UTC
[Secure-testing-commits] r9576 - data/CVE
Author: thomasbl-guest
Date: 2008-08-14 18:36:54 +0000 (Thu, 14 Aug 2008)
New Revision: 9576
Modified:
data/CVE/list
Log:
finished all "NOT-FOR-US"-tagging from the new "TODO: check"-tags
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-14 17:16:34 UTC (rev 9575)
+++ data/CVE/list 2008-08-14 18:36:54 UTC (rev 9576)
@@ -236,19 +236,19 @@
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum
4.1.43 ...)
TODO: check
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows
...)
- TODO: check
+ NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd
edition ...)
- TODO: check
+ NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd
edition ...)
- TODO: check
+ NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro
...)
TODO: check
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows
remote ...)
- TODO: check
+ NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np
API in ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with
firmware ...)
- TODO: check
+ NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545
RESERVED
CVE-2008-3544
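Review bot: CVE-2008-3555 (WSN Forum) and CVE-2008-3551 (Sun Java Platform Micro ...) still carry `TODO: check` in this hunk, although the log message says all NOT-FOR-US tagging from the new TODO entries is finished. If they were left on purpose because they need a real package check, say so in the log message; otherwise tag them in the same commit so the next person does not re-triage them.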
@@ -308,41 +308,41 @@
CVE-2008-3517
RESERVED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files
generated ...)
- TODO: check
+ NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files
generated ...)
- TODO: check
+ NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before
Update 2 ...)
- TODO: check
+ NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for
...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for
PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz
Image ...)
- TODO: check
+ NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in
Crafty ...)
- TODO: check
+ NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for
(1) ...)
- TODO: check
+ NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows
remote ...)
- TODO: check
+ NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka
01), and ...)
- TODO: check
+ NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2
and ...)
- TODO: check
+ NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before
2.3 ...)
- TODO: check
+ NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not
restrict ...)
- TODO: check
+ NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0
through ...)
- TODO: check
+ NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple
...)
- TODO: check
+ NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms
module ...)
TODO: check
CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea
folder" in Ektron ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice)
component ...)
TODO: check
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1
allows ...)
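Review bot: the `NOT-FOR-US: Best Practical Solutions RT` tag on CVE-2008-3502 looks wrong, because RT (Request Tracker) is packaged in Debian in the request-tracker3.x packages. A NOT-FOR-US entry is not attached to any package, so the issue would drop out of the per-package status. Keep `TODO: check` until the affected range (3.0.0 through ...) has been compared against the archive, then add a package line with the version instead.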
@@ -350,27 +350,27 @@
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the
uvc_parse_format ...)
TODO: check
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal
allows ...)
- TODO: check
+ NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to
bypass ...)
- TODO: check
+ NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote
VNC ...)
- TODO: check
+ NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America''s Army (aka AA or Army Game Project) 2.8.3.1
and earlier ...)
- TODO: check
+ NOT-FOR-US: America''s Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1
and ...)
- TODO: check
+ NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz
Online ...)
- TODO: check
+ NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
- TODO: check
+ NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1
(2.7.1) ...)
- TODO: check
+ NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL
Enhanced ...)
TODO: check
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile
function in ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame
Presentation ...)
- TODO: check
+ NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL
...)
- pidgin <unfixed> (bug #492434)
- gaim 1:2.0.0+fake.1
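Review bot: CVE-2008-3493 is tagged `NOT-FOR-US: RealVNC Windows Client` on the strength of `vncviewer.exe` in the description, but the truncated text does not show whether the flaw is in Windows-only code or in viewer code shared with the Unix build. Debian ships RealVNC-derived code in vnc4, so either confirm the code path is Windows-specific and record that in a NOTE line, or leave the entry at `TODO: check`.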
@@ -428,7 +428,7 @@
CVE-2008-3461
RESERVED
CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8,
when ...)
- openvpn 2.1~rc9-1 (low; bug #493488)
NOTE: pull/push needs to be allowed, successful authentication, compromised or
malicious server
@@ -1054,7 +1054,7 @@
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the
...)
NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA
Host-Based ...)
- TODO: check
+ NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific
top-level ...)
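Review bot: in the CVE-2008-3174 line, `r8` reads as a release label rather than a product name, and the vendor from the description (CA) is missing. Follow the neighbouring `NOT-FOR-US: CA ARCserve Backup` and write `NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)`, which also avoids the nested parentheses.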
@@ -1418,13 +1418,13 @@
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and
Works ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
RESERVED
CVE-2008-3016
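Review bot: the four new `NOT-FOR-US: Microsoft Office 2000` tags (CVE-2008-3021 through CVE-2008-3018) name a single release, while the descriptions list Office 2000 SP3, XP SP3, 2003 SP2, the Office Converter Pack and Works. The tag should be the product, as in the existing `NOT-FOR-US: PHPortal` line at the top of the hunk, so `NOT-FOR-US: Microsoft Office` is the accurate form.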
@@ -1448,13 +1448,13 @@
CVE-2008-3007
RESERVED
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and
2007 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004
and 2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3;
...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly
delete the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
RESERVED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows
remote ...)
@@ -1593,7 +1593,7 @@
CVE-2008-2928
RESERVED
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention
System ...)
- TODO: check
+ NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote
...)
NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8
allows ...)
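Review bot: CVE-2008-2926 gets `r8 (Host-Based Intrusion Prevention System)`, while the same kmxfw.sys driver under CVE-2008-3174 is tagged `r8 (Host-Based Intrusion Prevention System (HIPS))` in this same commit. Two spellings for one product break searches over the list. Use a single tag for both entries, built from the vendor and product name in the description (CA Host-Based Intrusion Prevention System) rather than `r8`.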
@@ -3131,17 +3131,17 @@
CVE-2008-2260
RESERVED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper
"argument ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253
RESERVED
CVE-2008-2252
@@ -3157,9 +3157,9 @@
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access
(OWA) ...)
NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not
properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color
Management ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to
execute ...)
NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
@@ -4997,11 +4997,11 @@
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart
1.3.2 ...)
NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3,
Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A "memory calculation error" in Microsoft
Office PowerPoint 2000 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4,
Server ...)
NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and
Vista ...)
@@ -5015,7 +5015,7 @@
CVE-2008-1449
RESERVED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook
Express ...)
- TODO: check
+ NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
- bind9 1:9.5.0.dfsg-5 (high)
@@ -6223,9 +6223,9 @@
CVE-2008-0966
RESERVED
CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10
and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10
and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor
6.20.060 ...)
NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC
...)
@@ -8236,9 +8236,9 @@
NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft
PowerPoint Viewer 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (A "memory allocation error" in Microsoft
PowerPoint Viewer 2003 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000
and XP ...)
NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3,
2003 ...)
@@ -8334,7 +8334,7 @@
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll)
...)
NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows
Messenger 4.7 ...)
- TODO: check
+ NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in
Microsoft ...)