Author: nion Date: 2008-02-09 18:55:20 +0000 (Sat, 09 Feb 2008) New Revision: 8121 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-09 18:11:02 UTC (rev 8120) +++ data/CVE/list 2008-02-09 18:55:20 UTC (rev 8121) @@ -62,27 +62,27 @@ CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...) NOT-FOR-US: XOOPS CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery ...) - TODO: check + NOT-FOR-US: RMSOFT Gallery module for XOOPS CVE-2008-0610 (Stack-based buffer overflow in the ...) - TODO: check + NOT-FOR-US: UltraVNC CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD ...) - TODO: check + NOT-FOR-US: Web Pack 2.0 CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch ...) - TODO: check + NOT-FOR-US: IPSwitch WS_FTP CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...) - TODO: check + NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) ...) - TODO: check + NOT-FOR-US: Shambo2 component for Mambo and Joomla! CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft ...) - TODO: check + NOT-FOR-US: AstroSoft HelpDesk CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...) - TODO: check + NOT-FOR-US: XLight FTP Server CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! ...) - TODO: check + NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla! CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...) - TODO: check + NOT-FOR-US: All Club CMS (ACCMS) CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...) - TODO: check + NOT-FOR-US: All Club CMS (ACCMS) CVE-2008-0600 RESERVED CVE-2008-0599 @@ -115,103 +115,103 @@ - xulrunner 1.8.1.12-1 - icedove <unfixed> CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...) - TODO: check + NOT-FOR-US: WS_FTP Server with SSH CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by ...) - TODO: check + NOT-FOR-US: LSrunasE CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed ...) - TODO: check + NOT-FOR-US: LSrunasE and Supercrypt CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...) - TODO: check + NOT-FOR-US: buslicense component for Joomla! CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login ...) - TODO: check + NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the ...) - TODO: check + NOT-FOR-US: Project Issue Tracking module for Drupal CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...) - TODO: check + NOT-FOR-US: Project Issue Tracking module for Drupal CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote ...) - TODO: check + NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld ...) - TODO: check + NOT-FOR-US: Mindmeld CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, ...) - TODO: check + NOT-FOR-US: Userpoints module for Drupal CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ...) - TODO: check + NOT-FOR-US: OpenID module for Drupal CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 ...) - TODO: check + NOT-FOR-US: Comment upload module for Drupal CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the ...) - TODO: check + NOT-FOR-US: Secure Site module for Drupal CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ...) - TODO: check + NOT-FOR-US: ChronoEngine ChronoForms component for Joomla! CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in ...) - TODO: check + NOT-FOR-US: DeltaScripts PHP Links CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 ...) - TODO: check + NOT-FOR-US: DeltaScripts PHP Links CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...) - TODO: check + NOT-FOR-US: Restaurant component for Mambo and Joomla! CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze ...) - TODO: check + NOT-FOR-US: AkoGallery component for Mambo and Joomla! CVE-2008-0560 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: cforms wordpress plugin CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson''s Blogger 0.11 ...) - TODO: check + NOT-FOR-US: cforms wordpress plugin CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional ...) - TODO: check + NOT-FOR-US: Uniwin eCart Professiona CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...) - TODO: check + NOT-FOR-US: CatalogShop componenent for Mambo and Joomla! CVE-2008-0556 RESERVED CVE-2008-0555 RESERVED CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...) - TODO: check + NOT-FOR-US: eTicket CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...) - TODO: check + NOT-FOR-US: Namo Web Editor CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Steamcast CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 ...) - TODO: check + NOT-FOR-US: Steamcast CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Steamcast CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...) - TODO: check + NOT-FOR-US: CandyPress CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...) - TODO: check + NOT-FOR-US: Bubbling Library CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution ...) - TODO: check + NOT-FOR-US: Pre Dynamic Institution CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler ...) - TODO: check + NOT-FOR-US: Simple Forum CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in ...) - TODO: check + NOT-FOR-US: Simple Forum CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...) - TODO: check + NOT-FOR-US: trixbox CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...) - TODO: check + NOT-FOR-US: F5 BIG-IP Application Security Manager CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...) - TODO: check + NOT-FOR-US: phpIP Management CVE-2008-0537 RESERVED CVE-2008-0536 @@ -237,57 +237,57 @@ CVE-2008-0526 RESERVED CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1) truncate ...) - TODO: check + NOT-FOR-US: PatchLink Update client for Unix CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...) - TODO: check + NOT-FOR-US: Yamaha router firmware CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...) - TODO: check + NOT-FOR-US: SoftCart CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks ...) - TODO: check + NOT-FOR-US: Hal Networks shopping-cart products CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...) - TODO: check + NOT-FOR-US: Bubbling Library CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp ...) - TODO: check + NOT-FOR-US: WassUp plugin for WordPress CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes ...) - TODO: check + NOT-FOR-US: Atapin Jokes component for Mambo and Joomla! CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes) ...) - TODO: check + NOT-FOR-US: Recipes component for Mambo and Joomla! CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi ...) - TODO: check + NOT-FOR-US: EstateAgent component for Mambo and Joomla! CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...) - TODO: check + NOT-FOR-US: SQLiteManager CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...) - TODO: check + NOT-FOR-US: musepoes component for Mambo and Joomla! CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...) - TODO: check + NOT-FOR-US: Glossary component for Mambo and Joomla! CVE-2008-0513 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: phpCMS CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component ...) - TODO: check + NOT-FOR-US: fq component for Mambo and Joomla! CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) ...) - TODO: check + NOT-FOR-US: MaMML component for Mambo and Joomla! CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...) - TODO: check + NOT-FOR-US: Newsletter component for Mambo and Joomla! CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Dean''s Permalinks Migration plugin for WordPress CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin ...) - TODO: check + NOT-FOR-US: AdServe plugin for WordPress CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart ...) - TODO: check + NOT-FOR-US: Netwerk Smart Publisher CVE-2008-0502 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Connectix Boards CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...) - TODO: check + NOT-FOR-US: web interface for the BGPD daemon CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...) - TODO: check + NOT-FOR-US: AIM PicEditor CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote ...) TODO: check CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) @@ -1014,7 +1014,7 @@ CVE-2008-0213 RESERVED CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-0211 RESERVED CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...) @@ -1084,15 +1084,15 @@ CVE-2008-0183 RESERVED CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin ...) - TODO: check + NOT-FOR-US: Liferay Portal CVE-2008-0177 RESERVED CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...) @@ -1379,7 +1379,7 @@ CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, ...) NOT-FOR-US: Winamp CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...) - TODO: check + NOT-FOR-US: XnView, nconvert GFL SDK for Windows CVE-2008-0063 RESERVED CVE-2008-0062