thr3ads.net - Secure testing commits - [Secure-testing-commits] r12582

If this information is useful, please help other people find it:
Share via:
James Strandboge
2009-Aug-13 18:49 UTC
[Secure-testing-commits] r12582 - data/CVE

Author: jamie-guest
Date: 2009-08-13 18:49:16 +0000 (Thu, 13 Aug 2009)
New Revision: 12582

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-08-12 21:14:15 UTC (rev 12581)
+++ data/CVE/list	2009-08-13 18:49:16 UTC (rev 12582)
@@ -1,3 +1,27 @@
+CVE-2009-2761
+	NOT-FOR-US: Avira AntiVir
+CVE-2008-6972
+	NOT-FOR-US: Drupal Content Construction Kit (third-party module)
+CVE-2008-6971
+	NOT-FOR-US: Simple Machines Forum
+CVE-2008-6970
+	NOT-FOR-US: UBB.threads
+CVE-2008-6969
+	NOT-FOR-US: Avactis Shopping Cart
+CVE-2008-6968
+	NOT-FOR-US: Pligg CMS
+CVE-2008-6967
+	NOT-FOR-US: Alt-N MDaemon
+CVE-2008-6966
+	NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
+CVE-2008-6965
+	NOT-FOR-US: AJ Square AJ Auction OOPD
+CVE-2008-6964
+	NOT-FOR-US: X7 Chat
+CVE-2008-6963
+	NOT-FOR-US: TurnkeyForms Text Link Sales
+CVE-2008-6962
+	NOT-FOR-US: Avira AntiVir Premium
 CVE-2009-2760
 	RESERVED
 CVE-2009-2759
@@ -41,75 +65,75 @@
 CVE-2009-2740
 	RESERVED
 CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before
0.69.2 ...)
-	TODO: check
+	NOT-FOR-US: FreeNAS
 CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in
...)
-	TODO: check
+	NOT-FOR-US: FreeNAS
 CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script
1.5.5 ...)
-	TODO: check
+	NOT-FOR-US: X10media
 CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX
control ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Crossday Discuz! Board
 CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to
reset ...)
-	TODO: check
+	NOT-FOR-US: Crossday Discuz! Board
 CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in
mxCamArchive ...)
-	TODO: check
+	NOT-FOR-US: mxCamArchive
 CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root
with ...)
-	TODO: check
+	NOT-FOR-US: mxCamArchive
 CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Cobbler
 CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly
other ...)
-	TODO: check
+	NOT-FOR-US: ooVoo
 CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: MauryCMS
 CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
-	TODO: check
+	NOT-FOR-US: MauryCMS
 CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi
...)
-	TODO: check
+	NOT-FOR-US: Bankoi WebHosting Control Panel
 CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
-	TODO: check
+	NOT-FOR-US: Collabtive
 CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8
allows ...)
-	TODO: check
+	NOT-FOR-US: Collabtive
 CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass
authentication and ...)
-	TODO: check
+	NOT-FOR-US: Collabtive
 CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in
...)
-	TODO: check
+	NOT-FOR-US: Collabtive
 CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in
Interchange 5.7 ...)
 	TODO: check
 CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto
Classifieds ...)
-	TODO: check
+	NOT-FOR-US: ScriptsFeed Auto Classifieds
 CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes
Listing ...)
-	TODO: check
+	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
 CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor
...)
-	TODO: check
+	NOT-FOR-US: ScriptsFeed Realtor Classifieds System
 CVE-2008-6941 (SQL injection vulnerability in the login functionality in
TurnkeyForms ...)
-	TODO: check
+	NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information
under ...)
-	TODO: check
+	NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to
bypass ...)
-	TODO: check
+	NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop
...)
-	TODO: check
+	NOT-FOR-US: Pi3Web
 CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Exodus
 CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Exodus
 CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Exodus
 CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka
Sanusart) ...)
-	TODO: check
+	NOT-FOR-US: Sanus|artificium (aka Sanusart)
 CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13
(aka ...)
-	TODO: check
+	NOT-FOR-US: MiniGal
 CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in
...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft SendIt Pro
 CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search
(aka ...)
-	TODO: check
+	NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
 CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate
allows ...)
-	TODO: check
+	NOT-FOR-US: PHPStore Real Estate
 CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto
Classifieds ...)
-	TODO: check
+	NOT-FOR-US: PHPStore Auto Classifieds
 CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
-	TODO: check
+	NOT-FOR-US: PHPStore Complete Classifieds
 CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2
before ...)
 	{DSA-1754-1}
 	- roundup 1.4.4-4+lenny1 (bug #518768)
@@ -156,25 +180,25 @@
 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does
not ...)
 	TODO: check
 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2008-6926 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: cPanel
 CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in
Zenphoto ...)
-	TODO: check
+	NOT-FOR-US: Zenphoto
 CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in
register.php in ...)
-	TODO: check
+	NOT-FOR-US: eSyndiCat Directory
 CVE-2008-6923 (SQL injection vulnerability in the content component
(com_content) ...)
-	TODO: check
+	NOT-FOR-US: Joomla!
 CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in
CMailServer ...)
-	TODO: check
+	NOT-FOR-US: CMailServer
 CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in
phpAdBoard 1.8 ...)
-	TODO: check
+	NOT-FOR-US: phpAdBoard
 CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in
phpEmployment ...)
-	TODO: check
+	NOT-FOR-US: phpEmployment
 CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote
attackers to ...)
-	TODO: check
+	NOT-FOR-US: TaskDriver 1.3
 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in
...)
-	TODO: check
+	NOT-FOR-US: ThePortal2
 CVE-2009-XXXX [wordpress password reset]
 	- wordpress 2.8.3-2 (unimportant; bug #541102)
 	[lenny] - wordpress <not-affected> (Vulnerable code not present)
@@ -913,11 +937,11 @@
 CVE-2009-2497
 	RESERVED
 CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office XP
 CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio
.NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4,
XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio
.NET 2003 ...)
 	NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six
Apart ...)
@@ -1774,13 +1798,13 @@
 CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict
the URL ...)
 	TODO: check
 CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari
before ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all
cookies ...)
 	NOT-FOR-US: Apple GarageBand
 CVE-2009-2197
 	RESERVED
 CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows
remote ...)
 	TODO: check
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file
...)
@@ -2175,7 +2199,7 @@
 CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local
users ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the
...)
-	TODO: check
+	NOT-FOR-US: CA Software Delivery
 CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers
to ...)
 	NOT-FOR-US: DM FileManager
 CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information
under the ...)
@@ -2417,9 +2441,9 @@
 CVE-2009-1931
 	RESERVED
 CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and
SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services
Client ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2009-1928
 	RESERVED
 CVE-2009-1927
@@ -2429,11 +2453,11 @@
 CVE-2009-1925
 	RESERVED
 CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS)
component ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service
(WINS) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows
2000 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1921
 	RESERVED
 CVE-2009-1920
@@ -3484,11 +3508,11 @@
 CVE-2009-1547
 	RESERVED
 CVE-2009-1546 (Integer overflow in the Windows Media file handling
functionality in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1545 (Unspecified vulnerability in the Windows Media file handling
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1544 (Double free vulnerability in the Workstation service in
Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2009-1543
 	RESERVED
 CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004
SP1, ...)
@@ -3504,11 +3528,11 @@
 CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter
in ...)
 	NOT-FOR-US: Microsoft DirectX
 CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold
and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services
(IIS) ...)
 	NOT-FOR-US: IIS
 CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in
...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office XP
 CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in
...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for
Server ...)
@@ -3843,7 +3867,7 @@
 CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in
ccLgView.exe in ...)
 	NOT-FOR-US: Symantec
 CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to
cause ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series
G5, G5p, ...)
 	NOT-FOR-US: HP ProLiant
 CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management
Services zl ...)
@@ -5095,7 +5119,7 @@
 CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft
Office ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop
Connection ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1132
 	RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office
PowerPoint ...)
@@ -6786,7 +6810,7 @@
 	- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
 	NOTE: VU#238019
 CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used
in ...)
-	TODO: check
+	NOT-FOR-US: OpenBSD Packet Filter
 CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys)
2.52.0.1002 in ...)
 	NOT-FOR-US: Trend Micro Internet Pro
 CVE-2009-0685
@@ -7419,7 +7443,7 @@
 CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3,
2003 ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP
SP3, ...)
-	TODO: check
+	NOT-FOR-US: ActiveX
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office
XP SP3, ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003
SP3, ...)
Secure testing commits - Aug 2009 - r12582 - data/CVE

[Secure-testing-commits] r12582 - data/CVE
