Author: kees Date: 2009-04-13 23:27:30 +0000 (Mon, 13 Apr 2009) New Revision: 11620 Modified: data/CVE/list Log: NFUs: 42 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-13 21:14:14 UTC (rev 11619) +++ data/CVE/list 2009-04-13 23:27:30 UTC (rev 11620) 
@@ -1,69 +1,69 @@ CVE-2009-1285 RESERVED CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: xeCMS CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: World in Conflict CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and ...) - TODO: check + NOT-FOR-US: Crysis CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...) - TODO: check + NOT-FOR-US: Avaya Communication Manager CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...) - TODO: check + NOT-FOR-US: Avaya Communication Manager CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...) - TODO: check + NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...) - TODO: check + NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) ...) - TODO: check + NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface ...) - TODO: check + NOT-FOR-US: Avaya SIP Enablement Services CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: ...) - TODO: check + NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in ...) - TODO: check + NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in ...) - TODO: check + NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote ...) 
- TODO: check + NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream ...) - TODO: check + NOT-FOR-US: NetScout Visualizer CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly ...) - TODO: check + NOT-FOR-US: Butterfly Organizer CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library ...) - TODO: check + NOT-FOR-US: Resource Library extension for TYPO3 CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets ...) - TODO: check + NOT-FOR-US: WorldCup Bets extension for TYPO3 CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...) - TODO: check + NOT-FOR-US: WorldCup Bets extension for TYPO3 CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and ...) - TODO: check + NOT-FOR-US: Fussballtippspiel extension for TYPO3 CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons ...) - TODO: check + NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3 CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for ...) - TODO: check + NOT-FOR-US: Random Prayer extension for TYPO3 CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) ...) - TODO: check + NOT-FOR-US: Download system extension for TYPO3 CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses ...) - TODO: check + NOT-FOR-US: Training Courses extension for TYPO3 CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today ...) - TODO: check + NOT-FOR-US: Calendar Today extension for TYPO3 CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection ...) - TODO: check + NOT-FOR-US: Spam Protection extension for TYPO3 CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and ...) 
- TODO: check + NOT-FOR-US: JobControl extension for TYPO3 CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...) - TODO: check + NOT-FOR-US: JobControl extension for TYPO3 CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap ...) - TODO: check + NOT-FOR-US: DCD GoogleMap extension for TYPO3 CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ...) - TODO: check + NOT-FOR-US: CoolURI extension for TYPO3 CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) ...) - TODO: check + NOT-FOR-US: Frontend Filemanager extension for TYPO3 CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment ...) - TODO: check + NOT-FOR-US: Apartment Search Script CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...) - TODO: check + NOT-FOR-US: Apartment Search Script CVE-2009-XXXX [mpg123 possible invalid read] - mpg123 1.7.2-1 (low) NOTE: http://secunia.com/advisories/34587/3/ @@ -87,11 +87,11 @@ CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...) NOT-FOR-US: Gravity Board CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...) - TODO: check + NOT-FOR-US: Apache Tiles CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) - TODO: check + NOT-FOR-US: Apache Struts 2.x CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...) NOT-FOR-US: Dojo CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) 
@@ -113,7 +113,7 @@ CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) TODO: check CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) - TODO: check + NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...) NOT-FOR-US: Joomla CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...) @@ -137,7 +137,7 @@ CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...) NOT-FOR-US: QuickerSite CVE-2008-6677 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: QuickerSite CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: QuickerSite CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...) @@ -280,7 +280,7 @@ CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: BlogPHP CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...) - TODO: check + NOT-FOR-US: wt_gallery extension for TYPO3 CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...) NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...) @@ -330,7 +330,7 @@ CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...) NOT-FOR-US: MatPo Link CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...) - TODO: check + NOT-FOR-US: 2wire CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...) - clamav 0.95+dfsg-1 CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...) 
@@ -357,7 +357,7 @@ CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...) NOT-FOR-US: PHCDownload CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...) - TODO: check + NOT-FOR-US: pmk_rssnewsexport extension for TYPO3 CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...) TODO: check CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...) @@ -375,7 +375,7 @@ CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...) TODO: check CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...) - TODO: check + NOT-FOR-US: ?Torrent (uTorrent) WebUI CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...) TODO: check CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...) @@ -7096,7 +7096,7 @@ CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...) NOT-FOR-US: VMware Workstation CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...) - TODO: check + NOT-FOR-US: VMWare CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...) NOT-FOR-US: VMware Workstation CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
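Review bot: In the `@@ -1,69 +1,69 @@` hunk the TYPO3 entries are tagged by display name ("Random Prayer extension for TYPO3", "Download system extension for TYPO3") while the descriptions carry the extension keys (`ste_prayer`, `sb_downloader`), and later hunks in this same commit tag by key (`wt_gallery extension for TYPO3`, `pmk_rssnewsexport extension for TYPO3`). Pick one form, preferably the key, so that a search of data/CVE/list for an extension finds all of its entries.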
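Review bot: In the `@@ -87,11 +87,11 @@` hunk, CVE-2009-1276 is filed as `NOT-FOR-US: Sun Solaris`, but the component named in the description is XScreenSaver and the affected-product list is cut off at "and ...". The tag alone does not say why the XScreenSaver issue is out of scope, so add a `NOTE:` line giving the reason (for example, that the flaw is specific to the Solaris build), in the same way the mpg123 entry carries a `NOTE:` with its reference.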
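Review bot: In the `@@ -113,7 +113,7 @@` hunk, `NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension` does not say what the extension belongs to, while every other extension entry in this commit ends in "extension for TYPO3". Name the parent product here too so the tag is self-explanatory and consistent with the rest.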
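Review bot: In the `@@ -357,7 +357,7 @@` hunk, CVE-2008-6595 (`pmk_rssnewsexport`) is marked NOT-FOR-US but the next entry, CVE-2008-6594 (SQL injection in the `cm_rdfexport` extension for TYPO3), is the same kind of item and stays at `TODO: check`. Either triage it in this commit as well or leave a note on why it needs a separate look.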
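Review bot: In the `@@ -375,7 +375,7 @@` hunk, the added line `NOT-FOR-US: ?Torrent (uTorrent) WebUI` begins with a literal `?`, which looks like a non-ASCII character lost to an encoding mismatch. Use the plain ASCII name already given in the parentheses, e.g. `NOT-FOR-US: uTorrent WebUI`, so the entry survives any tool that reads the list in a different charset.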
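Review bot: In the `@@ -7096,7 +7096,7 @@` hunk, CVE-2008-4916 is tagged `NOT-FOR-US: VMWare` while the neighbouring entries use `NOT-FOR-US: VMware Workstation`. Match the vendor's capitalisation ("VMware") so a case-sensitive search for the existing tag also finds this entry.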