Author: derevko-guest
Date: 2009-08-26 07:38:50 +0000 (Wed, 26 Aug 2009)
New Revision: 12683
Modified:
data/CVE/list
Log:
NFUs and chromium-browser itp
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-08-25 21:14:28 UTC (rev 12682)
+++ data/CVE/list 2009-08-26 07:38:50 UTC (rev 12683)
@@ -3,79 +3,79 @@
CVE-2009-2957
RESERVED
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM
WebSphere ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
...)
TODO: check
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun
Solaris ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for
password ...)
- TODO: check
+ NOT-FOR-US: Phenotype CMS
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging
Twitter ...)
- TODO: check
+ NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive
my_post_key ...)
- TODO: check
+ NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware
2.3.2.IB.2.RS.1 ...)
- TODO: check
+ NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information
under the ...)
- TODO: check
+ NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote
...)
- TODO: check
+ NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow
...)
- TODO: check
+ NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in
user.modify.profile.php in ...)
- TODO: check
+ NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd.
Star ...)
- TODO: check
+ NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88
through ...)
- TODO: check
+ NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in
RSS ...)
- TODO: check
+ NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in
Chipmunk ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk
Topsites ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc
3.4.2 ...)
TODO: check
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive
information ...)
- TODO: check
+ NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows
context-dependent ...)
TODO: check
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass
authentication ...)
- TODO: check
+ NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in
...)
- TODO: check
+ NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root
with ...)
- TODO: check
+ NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in
Download ...)
- TODO: check
+ NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google
Chrome ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News
Beta 2 ...)
- TODO: check
+ NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2
allows ...)
- TODO: check
+ NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS
1.1.4 ...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in
...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass
the ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3
allow ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll)
allows ...)
- TODO: check
+ NOT-FOR-US: LogMeIn
CVE-2009-2950
RESERVED
CVE-2009-2949
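Review bot: the tag added under CVE-2008-7073, "NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher", uses shell brace shorthand for two spellings of the product name, so a plain text search for either spelling will not find it. Write the name out in full, with the alternate spelling in parentheses if both are needed. Separately, CVE-2009-2954 is tagged with the vendor only ("NOT-FOR-US: Microsoft") although its description names Microsoft Internet Explorer, and the existing entry for CVE-2009-2057 further down this file already reads "NOT-FOR-US: Microsoft Internet Explorer". Using the product name here as well would keep the tags consistent.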
@@ -109,97 +109,97 @@
CVE-2009-2935
RESERVED
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
- TODO: check
+ NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
- TODO: check
+ NOT-FOR-US: Piwigo
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process
in the ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro
Director ...)
- TODO: check
+ NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature
in elka ...)
- TODO: check
+ NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management
0.x ...)
- TODO: check
+ NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS
Content ...)
- TODO: check
+ NOT-FOR-US: TGS Content Management
CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners
DS ...)
- TODO: check
+ NOT-FOR-US: DigitalSpinners DS CMS
CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System
BETA ...)
- TODO: check
+ NOT-FOR-US: PHP Competition System BETA
CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre
Projects ...)
- TODO: check
+ NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass
authentication ...)
- TODO: check
+ NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid
...)
- TODO: check
+ NOT-FOR-US: WoW Raid Manager
CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in
NatterChat 1.1 ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in
NatterChat 1.12 ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication
and ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows
remote ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ
Square ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
- TODO: check
+ NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in
FreshScripts ...)
- TODO: check
+ NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication
and ...)
- TODO: check
+ NOT-FOR-US: AJ Classifieds
CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow
...)
- TODO: check
+ NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php
in ...)
- TODO: check
+ NOT-FOR-US: Gelato CMS
CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for
PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06
for ...)
- TODO: check
+ NOT-FOR-US: ITN News Gadget
CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- TODO: check
+ NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified
component ...)
- TODO: check
+ NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHPEcho CMS
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore
(com_simpleshop) ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF)
vulnerability ...)
- TODO: check
+ NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka
WAC ...)
- TODO: check
+ NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate
Web ...)
- TODO: check
+ NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG
...)
- TODO: check
+ NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to
bypass ...)
- TODO: check
+ NOT-FOR-US: RPG.Board
CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to
bypass ...)
- TODO: check
+ NOT-FOR-US: Libra File Manager
CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php
in ...)
- TODO: check
+ NOT-FOR-US: eFront
CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe
...)
- TODO: check
+ NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly
other ...)
- TODO: check
+ NOT-FOR-US: ArubaOS
CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the
Chilkat ...)
- TODO: check
+ NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in
AvailScript ...)
- TODO: check
+ NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier
stores ...)
- TODO: check
+ NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass
...)
- TODO: check
+ NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP
Calendar ...)
- TODO: check
+ NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in
CAcert ...)
- TODO: check
+ NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into
multiple ...)
- TODO: check
+ NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication
by ...)
TODO: check
CVE-2009-XXXX [pidgin does not honour SSL/TLS]
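Review bot: the tag added under CVE-2008-7033, "NOT-FOR-US: component for Joomla!", does not name the component, so the entry cannot be matched to a product without rereading the description. The description line above it gives the name, so the tag could read "NOT-FOR-US: Simple Shop Galore (com_simpleshop) component for Joomla!", in line with how the other module entries in this hunk are written (for example "My_eGallery module for PHP-Nuke" and "DevTracker module 3.0 for bcoos").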
@@ -2797,7 +2797,7 @@
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header
to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users
to ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to
cause a ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2054
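Review bot: CVE-2009-2056 is tagged "NOT-FOR-US: Cisco" while the entry directly below it, CVE-2009-2055, which covers the same product family, is tagged "NOT-FOR-US: Cisco IOS". The description names Cisco IOS XR, so naming the product rather than only the vendor would keep the two adjacent entries consistent.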
@@ -3262,7 +3262,7 @@
CVE-2009-3870
REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html
in the ...)
- TODO: check
+ NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and
earlier ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion
8.0.1 and ...)
@@ -5723,7 +5723,7 @@
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX
Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause
a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-1153
RESERVED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and
possibly ...)
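Review bot: the vendor-only tag "NOT-FOR-US: Cisco" on CVE-2009-1154 sits directly below an entry that names its product in full ("NOT-FOR-US: Cisco Adaptive Security Appliances"). The description for CVE-2009-1154 is about Cisco IOS XR, so the tag should name that product.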