Author: derevko-guest
Date: 2009-06-25 16:14:52 +0000 (Thu, 25 Jun 2009)
New Revision: 12196

Modified: data/CVE/list

Log: NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-25 15:48:32 UTC (rev 12195) +++ data/CVE/list 2009-06-25 16:14:52 UTC (rev 12196) 
@@ -5,131 +5,131 @@ [etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2) - request-tracker3.8 3.8.4-1 CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy ...) - TODO: check + NOT-FOR-US: Gravy Media Photo CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite ...) - TODO: check + NOT-FOR-US: Campsite CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 ...) - TODO: check + NOT-FOR-US: Campsite CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Campsite CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in ...) - TODO: check + NOT-FOR-US: Pc4 Uploader CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows ...) - TODO: check + NOT-FOR-US: phpDatingClub CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in ...) - TODO: check + NOT-FOR-US: phpDatingClub CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when ...) - TODO: check + NOT-FOR-US: fuzzylime CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...) - TODO: check + NOT-FOR-US: fuzzylime CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...) TODO: check CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...) TODO: check CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Carom3D CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...) - TODO: check + NOT-FOR-US: Radio and TV Player addon for vBulletin CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...) - TODO: check + NOT-FOR-US: Edraw PDF Viewer CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...) 
- TODO: check + NOT-FOR-US: EgyPlus 7ammel (aka 7ml) CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...) - TODO: check + NOT-FOR-US: EgyPlus 7ammel (aka 7ml) CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...) TODO: check CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...) - TODO: check + NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...) - TODO: check + NOT-FOR-US: kjtechforce CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in ...) - TODO: check + NOT-FOR-US: Sitecore CMS CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC ...) - TODO: check + NOT-FOR-US: XOOPS MANIAC PukiWikiMod module CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader ...) - TODO: check + NOT-FOR-US: TorrentTrader CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...) - TODO: check + NOT-FOR-US: WebNMS CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music ...) - TODO: check + NOT-FOR-US: Impleo Music Collection CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music ...) 
- TODO: check + NOT-FOR-US: Impleo Music Collection CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows ...) - TODO: check + NOT-FOR-US: AdaptWeb CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 ...) - TODO: check + NOT-FOR-US: AdaptWeb CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus ...) - TODO: check + NOT-FOR-US: Campus Virtual-LMS CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus ...) - TODO: check + NOT-FOR-US: Campus Virtual-LMS CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS ...) - TODO: check + NOT-FOR-US: Campus Virtual-LMS CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ...) - TODO: check + NOT-FOR-US: phpWebThings CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...) - TODO: check + NOT-FOR-US: transLucid CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before ...) - TODO: check + NOT-FOR-US: FireStats plugin for WordPress CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in ...) - TODO: check + NOT-FOR-US: FireStats plugin for WordPress CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...) - TODO: check + NOT-FOR-US: Zip Store Chat CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET ...) - TODO: check + NOT-FOR-US: TBDev.NET CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 ...) - TODO: check + NOT-FOR-US: fuzzylime CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...) 
- TODO: check + NOT-FOR-US: fuzzylime CVE-2009-2140 RESERVED CVE-2009-2139 RESERVED CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...) - TODO: check + NOT-FOR-US: TBDev.NET CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka ...) - TODO: check + NOT-FOR-US: Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10 CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun ...) - TODO: check + NOT-FOR-US: Sun Solaris 10 CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris ...) - TODO: check + NOT-FOR-US: Sun Solaris 10 CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Pivot CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 ...) - TODO: check + NOT-FOR-US: Pivot CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before ...) - TODO: check + NOT-FOR-US: 4images CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier ...) - TODO: check + NOT-FOR-US: 4images CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows ...) 
- TODO: check + NOT-FOR-US: Elvin CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...) - TODO: check + NOT-FOR-US: Photoracer plugin for WordPress CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...) TODO: check CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...) @@ -1176,15 +1176,15 @@ CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) - TODO: check + NOT-FOR-US: iPhone CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) NOT-FOR-US: Apple Safari CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) TODO: check CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) - TODO: check + NOT-FOR-US: Safari in Apple iPhone OS CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...) - TODO: check + NOT-FOR-US: iPhone CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL ...) NOT-FOR-US: phpWebNews CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL ...) @@ -4820,9 +4820,9 @@ CVE-2009-0692 RESERVED CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) - TODO: check + NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...) - TODO: check + NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on CVE-2009-0689 RESERVED CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
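Review bot: the label added for CVE-2009-2164 in the @@ -5,131 +5,131 @@ hunk reads "NOT-FOR-US: kjtechforce", which drops the product name even though the description says "Kjtechforce mailman". Debian ships GNU Mailman, so spell the label out as "NOT-FOR-US: Kjtechforce mailman" to make it clear to anyone searching the list for mailman that this entry is a different product. The same hunk mixes label granularity for one vendor: CVE-2009-2137 gets "Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10" while CVE-2009-2136 and CVE-2009-2135 get plain "Sun Solaris 10". Pick one form per product so the entries group together.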
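Review bot: CVE-2009-1680 in the @@ -1176,15 +1176,15 @@ hunk is closed as "NOT-FOR-US: Safari in Apple iPhone OS" while its neighbours CVE-2009-1681 and CVE-2009-1684, both described as WebKit issues, stay at "TODO: check". The description shown here is truncated, so confirm the flaw is in Safari's own code rather than in WebKit before closing it, and make the label say so. The new labels in this hunk are also inconsistent with each other and with the existing "NOT-FOR-US: Apple Safari" on CVE-2009-1682: CVE-2009-1683 and CVE-2009-1679 use "iPhone" although both descriptions say "Apple iPhone OS". Suggest "Apple iPhone OS" for all three.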