thr3ads.net - Secure testing commits - [Secure-testing-commits] r8932

If this information is useful, please help other people find it:
Share via:
white at alioth.debian.org
2008-May-30 13:37 UTC
[Secure-testing-commits] r8932 - data/CVE

Author: white
Date: 2008-05-30 13:37:38 +0000 (Fri, 30 May 2008)
New Revision: 8932

Modified:
   data/CVE/list
Log:
NFUs; stunnel4 windows specific issue

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-05-29 21:14:17 UTC (rev 8931)
+++ data/CVE/list	2008-05-30 13:37:38 UTC (rev 8932)
@@ -1,51 +1,51 @@
 CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent
Editor ...)
-	TODO: check
+	NOT-FOR-US: MOStlyContent Editor
 CVE-2008-2499 (Stack-based buffer overflow in the Community Services
Multiplexer (aka ...)
-	TODO: check
+	NOT-FOR-US: Community Services Multiplexer
 CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo
before ...)
-	TODO: check
+	NOT-FOR-US: Mambo
 CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Mambo
 CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS
0.3.4 ...)
-	TODO: check
+	NOT-FOR-US: Quate CMS
 CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3
allows ...)
-	TODO: check
+	NOT-FOR-US: Zina
 CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina
1.0 RC3 ...)
-	TODO: check
+	NOT-FOR-US: Zina
 CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in
Campus ...)
-	TODO: check
+	NOT-FOR-US: Campus Bulletin Board
 CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board
3.4 ...)
-	TODO: check
+	NOT-FOR-US: Campus Bulletin Board
 CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0
allows ...)
-	TODO: check
+	NOT-FOR-US: AbleSpace
 CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image
Lightbox 2 ...)
-	TODO: check
+	NOT-FOR-US: KJ Image Lightbox 2
 CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins
(aka ...)
-	TODO: check
+	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
 CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require ...)
-	TODO: check
+	NOT-FOR-US: RoomPHPlanning
 CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: MAXSITE
 CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown
impact ...)
 	TODO: check
 CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection
script ...)
-	TODO: check
+	NOT-FOR-US: PCPIN chat
 CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS
1.20071213, when ...)
-	TODO: check
+	NOT-FOR-US: Xomol CMS
 CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS
1.20071213 ...)
-	TODO: check
+	NOT-FOR-US: Xomol CMS
 CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in
insanevisions ...)
-	TODO: check
+	NOT-FOR-US: OneCMS
 CVE-2008-2481 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: phpRaider
 CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP
Short ...)
-	TODO: check
+	NOT-FOR-US: plusPHP
 CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow
remote ...)
-	TODO: check
+	NOT-FOR-US: phpFix
 CVE-2008-2478 (** DISPUTED ** ...)
 	TODO: check
 CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System)
...)
-	TODO: check
+	NOT-FOR-US: MxBB (MX-System)
 CVE-2008-2476
 	RESERVED
 CVE-2008-2475
@@ -77,43 +77,43 @@
 CVE-2008-2462
 	RESERVED
 CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4
allows ...)
-	TODO: check
+	NOT-FOR-US: Netious
 CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold
allows ...)
-	TODO: check
+	NOT-FOR-US: vBulletin
 CVE-2008-2459 (Directory traversal vulnerability in page.php in
EntertainmentScript ...)
-	TODO: check
+	NOT-FOR-US: EntertainmentScript
 CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in
Starsgames ...)
-	TODO: check
+	NOT-FOR-US: Starsgames
 CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in
PHP-Jokesite 2.0 ...)
-	TODO: check
+	NOT-FOR-US: PHP-Jokesite
 CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and
earlier ...)
-	TODO: check
+	NOT-FOR-US: ComicShout
 CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG
Engine ...)
-	TODO: check
+	NOT-FOR-US: MacGuru BLOG Engine
 CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm)
...)
-	TODO: check
+	NOT-FOR-US: xsstream-dm
 CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script
allow ...)
-	TODO: check
+	NOT-FOR-US: PHP Classifieds Script
 CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire
(aka ...)
-	TODO: check
+	NOT-FOR-US: Questionaire pbsurvey
 CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka
...)
-	TODO: check
+	NOT-FOR-US: Statistics ke_stats
 CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the
Statistics ...)
-	TODO: check
+	NOT-FOR-US: Statistics ke_stats
 CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac
McGowan ...)
-	TODO: check
+	NOT-FOR-US: phpInstantGallery
 CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow
remote ...)
-	TODO: check
+	NOT-FOR-US: Meto Forum
 CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper
ZoGo-shop ...)
-	TODO: check
+	NOT-FOR-US: Mytipper ZoGo-shop
 CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group
Communication ...)
-	TODO: check
+	NOT-FOR-US: Web Group Communication Center
 CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web
Group ...)
-	TODO: check
+	NOT-FOR-US: Web Group Communication Center
 CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars
1.2.2 ...)
-	TODO: check
+	NOT-FOR-US: CaLogic Calendars
 CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate
Script ...)
-	TODO: check
+	NOT-FOR-US: Real Estate Script
 CVE-2008-2442
 	RESERVED
 CVE-2008-2441
@@ -149,37 +149,37 @@
 CVE-2008-2426
 	RESERVED
 CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: FicHive
 CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6
allows ...)
-	TODO: check
+	NOT-FOR-US: Web Slider
 CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP
Web ...)
-	TODO: check
+	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
 CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a
denial of ...)
 	TODO: check
 CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun
...)
-	TODO: check
+	NOT-FOR-US: STREAMS Administrative Driver SUN
 CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net
Webboard ...)
-	TODO: check
+	NOT-FOR-US: Webboard
 CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: FicHive
 CVE-2008-2415 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: DigitalHive
 CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN
...)
-	TODO: check
+	NOT-FOR-US: AN Guestbook
 CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in
ACGV News ...)
-	TODO: check
+	NOT-FOR-US: ACGV News
 CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1
allows ...)
-	TODO: check
+	NOT-FOR-US: ACGV News
 CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and
earlier, ...)
-	TODO: check
+	NOT-FOR-US: SazCart
 CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine
and Web ...)
-	TODO: check
+	NOT-FOR-US: Web Server service in IBM Lotus Domino
 CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before
...)
-	TODO: check
+	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in
...)
-	TODO: check
+	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios
Trillian ...)
-	TODO: check
+	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2008-2406
 	RESERVED
 CVE-2008-2405
@@ -193,7 +193,7 @@
 CVE-2008-2401
 	RESERVED
 CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running
as a ...)
-	TODO: check
+	- stunnel4 <not-affected> (Windows specific issue)
 CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before
...)
 	TODO: check
 CVE-2008-XXXX [Adobe Flash Player is prone to an unspecified remote
code-execution vulnerability]
Secure testing commits - May 2008 - r8932 - data/CVE

[Secure-testing-commits] r8932 - data/CVE
