Author: derevko-guest Date: 2009-08-24 07:00:54 +0000 (Mon, 24 Aug 2009) New Revision: 12670 Modified: data/CVE/list Log: - NFUs - CVE-2009-2732: ntop DoS Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-24 01:48:47 UTC (rev 12669) +++ data/CVE/list 2009-08-24 07:00:54 UTC (rev 12670) 
@@ -1,34 +1,34 @@ CVE-2009-2962 REJECTED - TODO: check + NOT-FOR-US: duplicate of CVE-2009-2692 CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...) - TODO: check + NOT-FOR-US: DJCalendar CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...) - TODO: check + NOT-FOR-US: Videos Broadcast Yourself 2 CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...) - TODO: check + NOT-FOR-US: BitmixSoft PHP-Lance CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...) - TODO: check + NOT-FOR-US: Pixaria Gallery CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...) - TODO: check + NOT-FOR-US: MOC Designs PHP News CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...) - TODO: check + NOT-FOR-US: Elvin CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...) - TODO: check + NOT-FOR-US: Boonex Orca CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...) - TODO: check + NOT-FOR-US: TheGreenBow IPSec VPN Client CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...) - TODO: check + NOT-FOR-US: ImTOO MPEG Encoder CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...) - TODO: check + NOT-FOR-US: 2K Games Vietcong CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...) - TODO: check + NOT-FOR-US: 2FLY Gift Delivery System CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...) - TODO: check + NOT-FOR-US: XZero Community Classified CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...) - TODO: check + NOT-FOR-US: XZero Community Classified CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...) 
- TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-2911 RESERVED CVE-2009-2910 
@@ -60,37 +60,37 @@ CVE-2009-2897 RESERVED CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...) - TODO: check + NOT-FOR-US: KMPlayer: http://www.kmplayer.com CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...) - TODO: check + NOT-FOR-US: Ultimate Regnow Affiliate CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...) - TODO: check + NOT-FOR-US: Ebay Clone 2009 CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: XZero Community Classifieds CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...) - TODO: check + NOT-FOR-US: Scripteen Free Image Hosting Script CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...) - TODO: check + NOT-FOR-US: PHP Scripts Now Riddles CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...) - TODO: check + NOT-FOR-US: PHP Scripts Now Riddles CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...) - TODO: check + NOT-FOR-US: PHP Scripts Now Riddles CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...) - TODO: check + NOT-FOR-US: PHP Scripts Now Hangman CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...) - TODO: check + NOT-FOR-US: PHP Scripts Now President Bios CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...) - TODO: check + NOT-FOR-US: PHP Scripts Now President CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World''s ...) - TODO: check + NOT-FOR-US: PHP Scripts Now World''s CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...) 
- TODO: check + NOT-FOR-US: PHP Scripts Now World''s Tallest Buildings CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...) - TODO: check + NOT-FOR-US: SaphpLesson CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...) - TODO: check + NOT-FOR-US: PG MatchMaking CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...) - TODO: check + NOT-FOR-US: Basilic CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass] - backuppc <unfixed> (low; bug #542218) NOTE: no-dsa candidate @@ -600,7 +600,8 @@ CVE-2009-2733 RESERVED CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...) - TODO: check + - ntop <unfixed> (low; bug #543312) + NOTE: no-dsa candidate CVE-2009-2731 RESERVED CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a ''\0'' ...) @@ -7650,7 +7651,7 @@ CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - acidbase 1.2.1-1 CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...) - TODO: check + NOT-FOR-US: Cisco Firewall Services Module CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...) NOT-FOR-US: Cisco IOS CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...) @@ -22782,7 +22783,6 @@ NOTE: The blog has to provide user accounts NOTE: A crafted XML-RPC request referring to a valid user can exploit this TODO: check if packages embedding xmlrpc share this code - TODO: DSA-1601-1 introduced a regression in the etch version (#491846). That patch should be removed in the next DSA. CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...) {DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1} - tk8.5 8.5.0-3
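Review bot: In the `@@ -1,34 +1,34 @@` hunk, the line added under CVE-2009-2962 (`NOT-FOR-US: duplicate of CVE-2009-2692`) puts a CVE id where every other entry in the hunk names a product, and the entry is already marked REJECTED. NOT-FOR-US says the affected software is not in the archive, which is a different statement from "this id is a duplicate". Record the relationship as `NOTE: duplicate of CVE-2009-2692` so the triage reason stays accurate and the package status is tracked under the id it duplicates.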
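Review bot: Several NOT-FOR-US names in the `@@ -60,37 +60,37 @@` hunk are cut off or differ for what looks like the same product: `PHP Scripts Now World''s` (CVE-2009-2885) against `PHP Scripts Now World''s Tallest Buildings` (CVE-2009-2884), `PHP Scripts Now President` (CVE-2009-2886) against `PHP Scripts Now President Bios` (CVE-2009-2887), and `XZero Community Classifieds` (CVE-2009-2893) against `XZero Community Classified` in the first hunk. Use one full product name per product so a later search by name finds every entry. The KMPlayer line is the only one in the patch that carries a URL; keep the tag to the product name for consistency.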
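Review bot: The new ntop entry for CVE-2009-2732 in the `@@ -600,7 +600,8 @@` hunk sets `low` and `NOTE: no-dsa candidate` without stating why. The log message calls the issue a DoS; a one-line NOTE giving that reasoning next to the entry would let whoever makes the no-dsa decision see the basis without opening bug #543312.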
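Review bot: The last hunk (`@@ -22782,7 +22783,6 @@`) deletes the TODO about the DSA-1601-1 regression in the etch version (#491846), and the log message ("NFUs", "CVE-2009-2732: ntop DoS") does not mention it. If the regression patch has since been removed in a later DSA, say so in the log or replace the TODO with a NOTE naming that DSA; if not, the TODO should stay so the follow-up is not lost.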