jmm-guest at alioth.debian.org
2008-Dec-06 14:27 UTC
[Secure-testing-commits] r10635 - data/CVE
Author: jmm-guest
Date: 2008-12-06 14:27:42 +0000 (Sat, 06 Dec 2008)
New Revision: 10635
Modified: data/CVE/list
Log:
- joomla itp has been closed, mark previous entries as NFU
- add one BASE issue, which was marked as NFU

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-06 14:17:56 UTC (rev 10634) +++ data/CVE/list 2008-12-06 14:27:42 UTC (rev 10635) @@ -2883,13 +2883,13 @@ CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) - wordpress 2.5.1-8 (bug #500115) CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP''s PRNG with a weak seed, ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...) - vim 2:7.2.010-1 (bug #500381) [lenny] - vim 1:7.1.314-3+lenny1 @@ -4009,7 +4009,7 @@ CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...) NOT-FOR-US: YPN PHP Realty CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...) NOT-FOR-US: Flagship Industries Ventrilo CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -5088,13 +5088,13 @@ - ffmpeg <removed> (unimportant) NOTE: Only a NULL pointer deference, hardly security relevant CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...) {DSA-1544-2} - pdns-recursor 3.1.7-1 (low; bug #493576) @@ -9016,7 +9016,7 @@ CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...) NOT-FOR-US: PowerPHPBoard CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...) - perlbal <itp> (bug #456534) CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...) 
@@ -12728,13 +12728,13 @@ CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...) NOT-FOR-US: LiveCart CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...) NOT-FOR-US: milliscripts CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...) @@ -13683,7 +13683,7 @@ CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...) NOT-FOR-US: SonicWALL GLobal VPN Client CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...) NOT-FOR-US: Absolute News Manager.NET CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...) @@ -15952,9 +15952,9 @@ CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...) NOT-FOR-US: Pligg CMS CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...) - NOT-FOR-US: BASE + - acidbase 1.3.8 CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...) NOT-FOR-US: BEA Tuxedo CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...) 
@@ -16450,7 +16450,7 @@ CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...) NOT-FOR-US: UMI CMS CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...) NOT-FOR-US: ActiveKB NX CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...) @@ -18271,15 +18271,15 @@ - php5 5.2.3-1 (unimportant) NOTE: Only triggerable by malicious script CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...) NOT-FOR-US: Microsoft Visual Basic CVE-2007-4775 @@ -19585,7 +19585,7 @@ CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...) NOT-FOR-US: DiMeMa CONTENTdm CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...) NOT-FOR-US: Astaro Security Gateway CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...) 
@@ -19706,19 +19706,19 @@ CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product''s ...) NOT-FOR-US: Panda Antivirus CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...) NOT-FOR-US: Joomla! addon CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...) NOT-FOR-US: paBugs CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...) @@ -24508,7 +24508,7 @@ CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...) NOT-FOR-US: Pagode CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...) NOT-FOR-US: LAN Management System CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...) 
@@ -28061,11 +28061,11 @@ CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...) NOT-FOR-US: eXtreme File Hosting CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...) NOT-FOR-US: Tiny FTPd CVE-2006-7006 (** DISPUTED ** ...) @@ -29334,7 +29334,7 @@ CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...) NOT-FOR-US: Woltlab Burning Board CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...) NOT-FOR-US: PostNuke CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...) 
@@ -29358,14 +29358,11 @@ CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...) NOT-FOR-US: Virtuemart CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...) - mambo 4.6.1-5 (bug #407995; low) - - joomla <itp> (bug #326398) - NOTE: Mantainer working in new upstream version of Joomla and waiting patch - NOTE: for Mambo. CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...) NOT-FOR-US: PHP-Nuke CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...) 
@@ -35792,28 +35789,27 @@ CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...) NOT-FOR-US: ezContents CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - - joomla <itp> (bug #326398) - NOTE: Joomla is a new package and the version 1.0.12-2 is not affected. + NOT-FOR-US: Joomla CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...) NOT-FOR-US: Simple Machines Forum CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-4465 (** DISPUTED ** ...) NOT-FOR-US: Microsoft CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...) 
@@ -38107,9 +38103,9 @@ CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...) NOT-FOR-US: PHPMailList CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...) NOT-FOR-US: Nuked-Klan CVE-2006-3478 (PHP remote file inclusion vulnerability in ...) @@ -39242,7 +39238,7 @@ CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...) NOT-FOR-US: CesarFTP CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...) - - joomla <itp> (bug #326398) + NOT-FOR-US: Joomla CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...) NOT-FOR-US: Snitz Forum CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...) @@ -41604,10 +41600,8 @@ NOT-FOR-US: WWWThreads CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) - mambo 4.6.1-4 (bug #364769; medium) - - joomla <itp> (bug #326398) CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...) - mambo 4.6.1-4 (bug #364769; medium) - - joomla <itp> (bug #326398) CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...) NOT-FOR-US: RechnungsZentrale CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...)
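Review bot: In the hunk at @@ -2883,13 +2883,13 @@ (and in every later hunk that makes the same substitution), replacing `- joomla <itp> (bug #326398)` with `NOT-FOR-US: Joomla` removes the only pointer to the ITP bug from these entries, and the log says the ITP was closed without saying why. Suggest naming #326398 in the log message so the entries can be found and reverted if Joomla is packaged later.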
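Review bot: In the hunk at @@ -15952,9 +15952,9 @@, the new CVE-2007-5578 line `- acidbase 1.3.8` gives a bare upstream version with no Debian revision, urgency or bug number, unlike the other package entries visible in this patch (`- wordpress 2.5.1-8 (bug #500115)`, `- mambo 4.6.1-5 (bug #407995; low)`). Please confirm which acidbase upload first carried the fix and record that full package version; the log also does not say why the earlier NOT-FOR-US marking was wrong, which would be worth a short NOTE.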
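Review bot: In the hunk at @@ -19706,19 +19706,19 @@, the added lines use `NOT-FOR-US: Joomla` while the unchanged CVE-2007-4186 entry in the same hunk reads `NOT-FOR-US: Joomla! addon`, so the product name is now spelled two ways within a few lines. Suggest settling on one spelling so that a text search for Joomla entries in data/CVE/list finds both the core and the addon markings the same way.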
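Review bot: In the hunk at @@ -29358,14 +29358,11 @@, the two NOTE lines removed under CVE-2007-0374 referred to Mambo as well as Joomla ("waiting patch for Mambo"), yet the `- mambo 4.6.1-5 (bug #407995; low)` line is kept unchanged. If the Mambo part of that note is obsolete because 4.6.1-5 carries the fix, say so in the log; otherwise keep a NOTE for Mambo. The joomla line is also deleted here rather than marked NFU, which the log message ("mark previous entries as NFU") does not cover.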