Author: jamie-guest
Date: 2010-04-12 14:54:15 +0000 (Mon, 12 Apr 2010)
New Revision: 14464
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-04-12 09:29:48 UTC (rev 14463)
+++ data/CVE/list 2010-04-12 14:54:15 UTC (rev 14464)
@@ -1,3 +1,31 @@
+CVE-2010-1346
+ NOT-FOR-US: Mini CMS RibaFS
+CVE-2010-1345
+ NOT-FOR-US: Joomla!
+CVE-2010-1344
+ NOT-FOR-US: Joomla!
+CVE-2010-1343
+ NOT-FOR-US: SiteX
+CVE-2010-1342
+ NOT-FOR-US: Direct News
+CVE-2010-1341
+ NOT-FOR-US: Systemsoftware Community Black Forum
+CVE-2010-1340
+ NOT-FOR-US: Joomla!
+CVE-2010-1339
+ NOT-FOR-US: Teamsite Hack plugin
+CVE-2010-1338
+ NOT-FOR-US: Teamsite Hack plugin
+CVE-2010-1337
+ NOT-FOR-US: Lussumo Vanilla
+CVE-2010-1336
+ NOT-FOR-US: INVOhost
+CVE-2010-1335
+ NOT-FOR-US: Insky CMS
+CVE-2010-1334
+ NOT-FOR-US: Pulse CMS Basic
+CVE-2010-1333
+ NOT-FOR-US: Almas Inc. Compiere J300_A02
CVE-2010-XXXX [irssi two issues]
- irssi 0.8.15-1
TODO: check
@@ -4,9 +32,9 @@
NOTE: "The first [sec issue] being that Irssi didn''t check
hostname on SSL connections and the other being a hard to exploit remote crash
bug."
NOTE: from www.irssi.org
CVE-2010-1332
- RESERVED
+ NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331
- RESERVED
+ NOT-FOR-US: Heartlogic HL-SiteManager
CVE-2010-1330
RESERVED
CVE-2010-1329
@@ -122,29 +150,29 @@
CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in
the API ...)
- zabbix <unfixed> (bug #577058)
CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP
2008 SP2 ...)
- TODO: check
+ NOT-FOR-US: BBSXP
CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in
BBSXP 2008 ...)
- TODO: check
+ NOT-FOR-US: BBSXP
CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: Emweb Wt
CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of
(1) form ...)
- TODO: check
+ NOT-FOR-US: Emweb Wt
CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php
in ...)
- TODO: check
+ NOT-FOR-US: Gnat-TGP
CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3
allows ...)
- TODO: check
+ NOT-FOR-US: smartplugs
CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions
Komplett ...)
- TODO: check
+ NOT-FOR-US: Multi Auktions Komplett System
CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24
Niedrig ...)
- TODO: check
+ NOT-FOR-US: Gebote Pro Auktions System
CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS
2.0, ...)
- TODO: check
+ NOT-FOR-US: justVisual CMS
CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS
0.2-6 Beta ...)
- TODO: check
+ NOT-FOR-US: WebMaid CMS
CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid
CMS ...)
- TODO: check
+ NOT-FOR-US: WebMaid CMS
CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...)
- TODO: check
+ NOT-FOR-US: dcsFlashGames
CVE-2010-1264
RESERVED
CVE-2010-1263
@@ -211,29 +239,29 @@
NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
TODO: file bug, request id
CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Apache ActiveMQ
CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before
1.0.4 ...)
- TODO: check
+ NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM
Web ...)
- TODO: check
+ NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows
remote ...)
TODO: check
CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of
one ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1)
execute ...)
- TODO: check
+ NOT-FOR-US: Foxit Reader
CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha
...)
TODO: check
CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files
that ...)
- TODO: check
+ NOT-FOR-US: Adobe Reader
CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare
does not ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare
6.5 SP7 ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare
allows ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare
6.5 SP5 ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare
does not ...)
TODO: check
CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare
does not ...)
@@ -320,11 +348,11 @@
- asterisk 1:1.6.2.6-1 (low; bug #576560)
[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow
remote ...)
- TODO: check
+ NOT-FOR-US: CA XOsoft
CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which
allows ...)
- TODO: check
+ NOT-FOR-US: CA XOsoft
CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform
authentication, ...)
- TODO: check
+ NOT-FOR-US: CA XOsoft
CVE-2010-1220
RESERVED
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
@@ -382,7 +410,7 @@
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other
...)
- sahana <itp> (bug #497414)
CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in
the ...)
- TODO: check
+ NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in
...)
NOT-FOR-US: ClickHeat plugin
CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the
Linux ...)
@@ -588,9 +616,9 @@
CVE-2010-1121 (Unspecified vulnerability in Mozilla Firefox 3 on Windows 7
allows ...)
TODO: check
CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6
allows ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-1119 (Unspecified vulnerability in Safari on Apple iPhone OS allows
remote ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft
Windows ...)
NOT-FOR-US: Internet Explorer
CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft
Windows ...)
@@ -823,7 +851,7 @@
CVE-2009-4738
RESERVED
CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro
13, ...)
- TODO: check
+ NOT-FOR-US: JustSystems Corporation Ichitaro
CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in
CommonSense ...)
NOT-FOR-US: CommonSense CMS
CVE-2010-XXXX [alien-arena: server dos]
@@ -865,9 +893,9 @@
CVE-2010-0994
RESERVED
CVE-2010-0993
- RESERVED
+ NOT-FOR-US: Pulse CMS Basic
CVE-2010-0992
- RESERVED
+ NOT-FOR-US: Pulse CMS Basic
CVE-2010-0991
RESERVED
CVE-2010-0990
@@ -1828,7 +1856,7 @@
[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs
need to be followed)
[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice
docs need to be followed)
CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in
createDestination.action ...)
- TODO: check
+ NOT-FOR-US: Apache ActiveMQ
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO
Administrator ...)
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to
read ...)
@@ -2038,7 +2066,7 @@
CVE-2010-0626
RESERVED
CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the
FTP ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
- cpio 2.11-1 (low)
- tar 1.23-1 (low)
@@ -9180,7 +9208,7 @@
CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables
the ...)
NOT-FOR-US: Apple Mac OS X
CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does
not ...)
- TODO: check
+ NOT-FOR-US: AirPort Utility
CVE-2009-2821
RESERVED
CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS
X ...)