Author: pedrib-guest Date: 2010-05-22 01:51:46 +0000 (Sat, 22 May 2010) New Revision: 14725 Modified: data/CVE/list Log: new issues with mydms,iceweasel plus a few NFUs and drupal not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-21 21:14:47 UTC (rev 14724) +++ data/CVE/list 2010-05-22 01:51:46 UTC (rev 14725) @@ -1,41 +1,49 @@ CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) - TODO: check + - mydms <unfixed> (bug #582587; medium) + [lenny] - mydms <unfixed> (bug #582587; medium) + NOTE: seems to have changed name to letoDMS CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...) - TODO: check + - mydms <unfixed> (bug #582587; medium) + [lenny] - mydms <unfixed> (bug #582587; medium) + NOTE: seems to have changed name to letoDMS CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...) - TODO: check + NOT-FOR-US: Datalife Engine CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 ...) - TODO: check + NOT-FOR-US: BS.Player CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in ...) - TODO: check + NOT-FOR-US: Advanced Poll CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...) - TODO: check + - drupal6 <not-affected> (Vulnerable code not present) CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module ...) - TODO: check + - drupal6 <not-affected> (Vulnerable code not present) CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...) - TODO: check + - drupal6 <not-affected> (Vulnerable code not present) CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...) - TODO: check + NOT-FOR-US: OpenMairie Opencatalogue CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...) - TODO: check + - drupal6 <not-affected> (Vulnerable code not present) CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus ...) - TODO: check + NOT-FOR-US: Saurus CMS CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Tomato CMS CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Tomato CMS CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 ...) - TODO: check + NOT-FOR-US: Tomato CMS CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: ...) - TODO: check + NOT-FOR-US: Opera CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...) - TODO: check + - chromium-browser <not-affected> (Linux version seems to be unaffected) + NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en + NOTE: tested with Chromium, only seems to open 1 new window, but does not cause DoS + NOTE: might be better to re-test later CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...) - TODO: check + - iceweasel <unfixed> (bug #582590; medium) + [lenny] - iceweasel <unfixed> (bug #582590; medium) CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG ...) - TODO: check + NOT-FOR-US: Opera CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...) TODO: check CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)