Author: white Date: 2009-04-12 03:57:49 +0000 (Sun, 12 Apr 2009) New Revision: 11610 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-11 21:14:14 UTC (rev 11609) +++ data/CVE/list 2009-04-12 03:57:49 UTC (rev 11610) @@ -1,19 +1,19 @@ CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...) TODO: check CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...) - TODO: check + NOT-FOR-US: glFusion CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...) - TODO: check + NOT-FOR-US: glFusion CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...) - TODO: check + NOT-FOR-US: glFusion CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + NOT-FOR-US: Joomla CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...) - TODO: check + NOT-FOR-US: Joomla CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...) - TODO: check + NOT-FOR-US: Gravity Board CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...) - TODO: check + NOT-FOR-US: Gravity Board CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...) TODO: check CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...) 
@@ -21,9 +21,9 @@ CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) TODO: check CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...) - TODO: check + NOT-FOR-US: Dojo CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) - TODO: check + NOT-FOR-US: Dojo CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) TODO: check CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) 
@@ -43,69 +43,69 @@ CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) TODO: check CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...) - TODO: check + NOT-FOR-US: Joomla CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...) - TODO: check + NOT-FOR-US: Fortinet FortiClient CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...) - TODO: check + NOT-FOR-US: Web Help Desk CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...) - TODO: check + NOT-FOR-US: UltraISO CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...) - TODO: check + NOT-FOR-US: Insane Visions AdaptBB CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...) - TODO: check + NOT-FOR-US: Joomla CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...) - TODO: check + NOT-FOR-US: Magic ISO Maker CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...) - TODO: check + NOT-FOR-US: FlexCMS CVE-2009-1255 RESERVED CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...) TODO: check CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) - TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6677 (Unrestricted file upload vulnerability in ...) TODO: check CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...) - TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood ...) - TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict ...) 
- TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Vertex4 SunAge CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Vertex4 SunAge CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Vertex4 SunAge CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: nweb2fax CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ...) - TODO: check + NOT-FOR-US: nweb2fax CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...) - TODO: check + NOT-FOR-US: A+ PHP Scripts News Management System (NMS) CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA ...) - TODO: check + NOT-FOR-US: Kronos webTA CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...) - TODO: check + NOT-FOR-US: Ananta CMS CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: SH-News CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info ...) - TODO: check + NOT-FOR-US: PHPAuctions CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote ...) - TODO: check + NOT-FOR-US: AVG Anti-Virus CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for ...) - TODO: check + NOT-FOR-US: Bitdefender CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...) - TODO: check + NOT-FOR-US: Alexey Ozerov BigDump CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines ...) 
- TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...) - TODO: check + NOT-FOR-US: Simple Machines Forum CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...) TODO: check CVE-2009-XXXX [roundup: insufficient access checks in web frontend] 
@@ -156,107 +156,107 @@ - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...) - TODO: check + NOT-FOR-US: Open Auto Classifieds CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...) - TODO: check + NOT-FOR-US: GEDCOM_TO_MYSQL CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...) - TODO: check + NOT-FOR-US: InfoBiz Server CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...) - TODO: check + NOT-FOR-US: Joomla CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...) - TODO: check + NOT-FOR-US: OneCMS CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...) - TODO: check + NOT-FOR-US: OxYProject OxYBox CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...) - TODO: check + NOT-FOR-US: miniBloggie CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...) - TODO: check + NOT-FOR-US: Ktools PhotoStore CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...) - TODO: check + NOT-FOR-US: Ktools PhotoStore CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...) - TODO: check + NOT-FOR-US: Ktools PhotoStore CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...) - TODO: check + NOT-FOR-US: CoronaMatrix phpAddressBook CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...) - TODO: check + NOT-FOR-US: Opencosmo VisualSentinel CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...) 
- TODO: check + NOT-FOR-US: LokiCMS CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...) - TODO: check + NOT-FOR-US: DotContent FluentCMS CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...) - TODO: check + NOT-FOR-US: Shader TV CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...) - TODO: check + NOT-FOR-US: BatmanPorTaL CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) - TODO: check + NOT-FOR-US: AjaXplorer CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...) - TODO: check + NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...) - TODO: check + NOT-FOR-US: Library Video Company SAFARI Montage CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...) - TODO: check + NOT-FOR-US: Geody Labs Dagger CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...) - TODO: check + NOT-FOR-US: Geody Labs Dagger CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) - TODO: check + NOT-FOR-US: RoomPHPlanning CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...) - TODO: check + NOT-FOR-US: RoomPHPlanning CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...) - TODO: check + NOT-FOR-US: MercuryBoard CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...) TODO: check CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...) 
- TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...) - TODO: check + NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...) TODO: check CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: GraFX miniCWB CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...) - TODO: check + NOT-FOR-US: ClassSystem CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...) - TODO: check + NOT-FOR-US: ClassSystem CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...) - TODO: check + NOT-FOR-US: SiteXS CMS CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...) - TODO: check + NOT-FOR-US: Zen Software Zen Cart CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...) - TODO: check + NOT-FOR-US: Zen Software Zen Cart CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...) 
- TODO: check + NOT-FOR-US: Micro CMS CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...) - TODO: check + NOT-FOR-US: minimal-ablog CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...) - TODO: check + NOT-FOR-US: minimal-ablog CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...) - TODO: check + NOT-FOR-US: minimal-ablog CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...) - TODO: check + NOT-FOR-US: phpcksec CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...) - TODO: check + NOT-FOR-US: phpcksec CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...) - TODO: check + NOT-FOR-US: DevelopItEasy Events Calendar CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...) - TODO: check + NOT-FOR-US: MatPo Link CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...) - TODO: check + NOT-FOR-US: MatPo Link CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...) TODO: check CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...) 
@@ -266,39 +266,39 @@ CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...) NOT-FOR-US: IBM DB2 CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 ...) - TODO: check + NOT-FOR-US: PicoFlat CMS CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when ...) TODO: check CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has ...) - TODO: check + NOT-FOR-US: Download Center Lite CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Epona CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in ...) - TODO: check + NOT-FOR-US: XMLPortal CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the ...) - TODO: check + NOT-FOR-US: CookieCheck CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact ...) - TODO: check + NOT-FOR-US: WANPIPE CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php ...) - TODO: check + NOT-FOR-US: PHCDownload CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...) - TODO: check + NOT-FOR-US: PHCDownload CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...) TODO: check CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...) TODO: check CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...) - TODO: check + NOT-FOR-US: LightNEasy SQLite CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" ...) - TODO: check + NOT-FOR-US: LightNEasy SQLite CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...) - TODO: check + NOT-FOR-US: LightNEasy SQLite CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no ...) 
- TODO: check + NOT-FOR-US: LightNEasy SQLite CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no ...) - TODO: check + NOT-FOR-US: LightNEasy SQLite CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a ...) - TODO: check + NOT-FOR-US: Aztech port router CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...) TODO: check CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...) @@ -308,7 +308,7 @@ CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...) TODO: check CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...) - TODO: check + NOT-FOR-US: BS.player CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...) - xine-lib <unfixed> (medium; bug #522811) NOTE: http://trapkit.de/advisories/TKADV2009-005.txt
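Review bot: In the @@ -43,69 +43,69 @@ hunk, CVE-2009-1263 and CVE-2009-1258 are tagged "NOT-FOR-US: Joomla", but their descriptions name third-party components (BookJoomlas and RD-Autos, com_rdautos), not Joomla itself. Tagging them with the component name, for example "NOT-FOR-US: Joomla component RD-Autos", keeps these entries from reading as a triage decision about Joomla as a whole and makes them findable by component.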
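Review bot: In the @@ -156,107 +156,107 @@ hunk, CVE-2008-6627 through CVE-2008-6622 all carry "NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online", while their descriptions name different products (WEBBDOMAIN WebShop 1.2, Quiz 1.02, Polls, Petition 1.02 and Post Card); only CVE-2008-6629 and CVE-2008-6628 mention Multi Languages WebShop Online. The tag looks copied down the block, so either use the product from each description or shorten all of them to "NOT-FOR-US: WEBBDOMAIN". CVE-2008-6653 in the same hunk is tagged "Joomla" although the description refers to a Webhosting component; naming the component would be more accurate.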
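Review bot: In the @@ -266,39 +266,39 @@ hunk, the tag for CVE-2008-6588 reads "NOT-FOR-US: Aztech port router", which drops part of the product name given in the description ("Aztech ADSL2/2+ 4-port router"); suggest "NOT-FOR-US: Aztech ADSL2/2+ 4-port router". In the same hunk CVE-2008-6592 is a flaw in thumbsup.php in Thumbs-Up 1.12 "as used in LightNEasy", yet the tag names only "LightNEasy SQLite", so a later search for Thumbs-Up will not find it; mention Thumbs-Up in the tag or in a NOTE line. CVE-2008-6591, CVE-2008-6590 and CVE-2008-6589 describe the "no database" (flat) version, so plain "NOT-FOR-US: LightNEasy" fits better than "LightNEasy SQLite".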