Author: federico-guest Date: 2012-05-31 21:26:09 +0000 (Thu, 31 May 2012) New Revision: 19396 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-05-31 21:14:26 UTC (rev 19395) +++ data/CVE/list 2012-05-31 21:26:09 UTC (rev 19396) @@ -301,11 +301,11 @@ CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier ...) TODO: check CVE-2012-2951 (SQL injection vulnerability in plog-rss.php in Plogger allows remote ...) - TODO: check + NOT-FOR-US: Plogger CVE-2012-2950 RESERVED CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device ...) - TODO: check + NOT-FOR-US: Android CVE-2012-2948 [asterisk: AST-2012-008 remote crash issue in chan_skinny] RESERVED - asterisk <unfixed> (bug #675210) @@ -366,15 +366,15 @@ CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...) NOT-FOR-US: JIRA plugin CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...) - TODO: check + NOT-FOR-US: Atlassian JIRA CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before ...) NOT-FOR-US: Atlassian JIRA CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 ...) NOT-FOR-US: Simple PHP Agenda CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in ...) - TODO: check + NOT-FOR-US: Hypermethod eLearning Server 4G CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning ...) - TODO: check + NOT-FOR-US: Hypermethod eLearning Server 4G CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...) - drupal7 <unfixed> (unimportant) NOTE: Path disclosure irrelevant for Debian 
@@ -383,33 +383,33 @@ CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...) TODO: check CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...) - TODO: check + NOT-FOR-US: Chevereto CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in ...) - TODO: check + NOT-FOR-US: Chevereto CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow ...) TODO: check CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in ...) TODO: check CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer ...) - TODO: check + NOT-FOR-US: Lattice Semiconductor PAC-Designer CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in ...) - TODO: check + NOT-FOR-US: Unijimpe Captcha CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet ...) TODO: check CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) TODO: check CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in ...) - TODO: check + NOT-FOR-US: SiliSoftware backupDB CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ...) - TODO: check + NOT-FOR-US: SiliSoftware phpThumb CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha ...) - TODO: check + NOT-FOR-US: Viscacha CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in ...) - TODO: check + NOT-FOR-US: Viscacha CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb ...) TODO: check CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Artiphp CMS 5.5.0 Neo CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...) NOT-FOR-US: Artiphp CMS CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to ...) 
@@ -1104,7 +1104,7 @@ CVE-2012-2569 RESERVED CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...) - TODO: check + NOT-FOR-US: Seagate BlackArmor CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...) NOT-FOR-US: Xelex MobileTrack application CVE-2012-2566 @@ -1264,7 +1264,7 @@ CVE-2012-2489 RESERVED CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2012-2487 RESERVED CVE-2012-2486 @@ -1417,7 +1417,7 @@ CVE-2012-2412 RESERVED CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...) - TODO: check + NOT-FOR-US: RealNetworks RealPlayer CVE-2012-2410 RESERVED CVE-2012-2409 @@ -1977,7 +1977,7 @@ CVE-2012-2272 RESERVED CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX ...) - TODO: check + NOT-FOR-US: SkinCrafter CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...) - owncloud 4.0.0debian-1 CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 ...) @@ -2057,7 +2057,7 @@ CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 ...) NOT-FOR-US: PHP Gift Registry CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ...) - TODO: check + NOT-FOR-US: Support Incident Tracker CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...) NOT-FOR-US: TeamPass.net CVE-2012-2233 @@ -2188,7 +2188,7 @@ CVE-2012-2177 RESERVED CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: IBM Lotus Quickr CVE-2012-2175 RESERVED CVE-2012-2174 @@ -2584,7 +2584,7 @@ CVE-2012-2043 RESERVED CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...) - TODO: check + NOT-FOR-US: Adobe Illustrator CVE-2012-2041 RESERVED CVE-2012-2040 
@@ -2688,7 +2688,7 @@ CVE-2012-1991 RESERVED CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...) - TODO: check + NOT-FOR-US: Schneider Electric Kerweb CVE-2012-1989 RESERVED - puppet 2.7.13-1 @@ -3043,7 +3043,7 @@ CVE-2012-1825 RESERVED CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client ...) - TODO: check + NOT-FOR-US: Measuresoft ScadaPro CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...) {DSA-2465-1} - php5 5.4.3-1 @@ -3052,7 +3052,7 @@ CVE-2012-1822 RESERVED CVE-2012-1821 (The Network Threat Protection module in the Manager component in ...) - TODO: check + NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003 CVE-2012-1820 RESERVED CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...) @@ -4328,7 +4328,7 @@ CVE-2012-1250 RESERVED CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...) - TODO: check + NOT-FOR-US: iLunascape CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...) TODO: check CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...) 
@@ -6833,17 +6833,17 @@ CVE-2012-0300 RESERVED CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...) - TODO: check + NOT-FOR-US: Symantec Web Gateway CVE-2012-0295 (The Manager service in the management console in Symantec Endpoint ...) - TODO: check + NOT-FOR-US: Symantec Endpoint Protection CVE-2012-0294 (Directory traversal vulnerability in the Manager service in the ...) - TODO: check + NOT-FOR-US: Symantec Endpoint Protection CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE ...) NOT-FOR-US: Symantec Altiris WISE Package Studio CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...) @@ -6853,7 +6853,7 @@ CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...) NOT-FOR-US: Symantec pcAnywhere CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x ...) - TODO: check + NOT-FOR-US: Symantec Network Access Control CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...) NOT-FOR-US: CoCSoft Stream Down CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...)
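Review bot: In the hunk at @@ -301,11 +301,11 @@, the tag added for CVE-2012-2949 is broader than the affected component. The visible description names "The ZTE sync_agent program for Android 2.3.4 on the Score M device", yet the entry is tagged "NOT-FOR-US: Android". Naming the vendor program, for example "NOT-FOR-US: ZTE sync_agent", would keep the tag aligned with what the description says is vulnerable.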
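Review bot: In the hunk at @@ -366,15 +366,15 @@, CVE-2012-2927 is described as "The TM Software Tempo plugin" but is tagged "NOT-FOR-US: Atlassian JIRA", while the unchanged entry directly above it (CVE-2012-2928, the Gliffy plugin) uses "NOT-FOR-US: JIRA plugin". Using the same "JIRA plugin" wording, or naming the Tempo plugin, would keep plugin issues distinguishable from issues in JIRA itself such as CVE-2012-2926.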
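Review bot: In the hunk at @@ -383,33 +383,33 @@, the tag for CVE-2012-2906 carries a version string, "NOT-FOR-US: Artiphp CMS 5.5.0 Neo", while the adjacent unchanged entry CVE-2012-2905 for the same product is tagged "NOT-FOR-US: Artiphp CMS". The description already carries the version, so dropping it from the tag keeps the two entries consistent and easier to match by product name.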
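Review bot: In the hunk at @@ -1264,7 +1264,7 @@, the tag for CVE-2012-2488 names the wrong product. The description reads "Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series", and IOS XR is a separate operating system from IOS, so "NOT-FOR-US: Cisco IOS XR" would be the accurate tag.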
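Review bot: In the hunk at @@ -3052,7 +3052,7 @@, the tag for CVE-2012-1821 includes a platform qualifier, "NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003", whereas the other Symantec Endpoint Protection entries in this same commit (CVE-2012-0295 and CVE-2012-0294) use the bare product name. Dropping "on Windows Server 2003" would keep the product tag uniform across the list.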
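Review bot: In the hunk at @@ -6853,7 +6853,7 @@, the tag for CVE-2012-0289 does not match the product named in the visible description. The description begins "Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x" but the added line is "NOT-FOR-US: Symantec Network Access Control". The description is truncated, so the other product may appear later in it, but the tag should at least name Symantec Endpoint Protection, as the entries for CVE-2012-0295 and CVE-2012-0294 do.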