Author: derevko-guest Date: 2009-09-26 09:37:46 +0000 (Sat, 26 Sep 2009) New Revision: 12889 Modified: data/CVE/list Log: - NFUs - backuppc got a CVE id Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-26 07:36:34 UTC (rev 12888) +++ data/CVE/list 2009-09-26 09:37:46 UTC (rev 12889) @@ -1,7 +1,7 @@ CVE-2009-3391 RESERVED CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...) - TODO: check + NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10 CVE-2009-3389 RESERVED CVE-2009-3388 
@@ -42,76 +42,74 @@ RESERVED CVE-2009-3370 RESERVED -CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...) - TODO: check CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...) - TODO: check + NOT-FOR-US: An image gallery 1.0 CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...) - TODO: check + NOT-FOR-US: An image gallery 1.0 CVE-2009-3365 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Aurora CMS CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...) - TODO: check + NOT-FOR-US: FTPShell Client CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...) - TODO: check + NOT-FOR-US: a module for Drupal CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...) - TODO: check + NOT-FOR-US: SZNews CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...) - TODO: check + NOT-FOR-US: PHP-IPNMonitor CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...) - TODO: check + NOT-FOR-US: Datemill CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...) - TODO: check + NOT-FOR-US: Match Agency BiZ CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...) - TODO: check + NOT-FOR-US: Tourism Scripts Adult CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...) - TODO: check + NOT-FOR-US: Image voting CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...) 
- TODO: check + NOT-FOR-US: Datetopia Buy Dating Site CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...) - TODO: check + NOT-FOR-US: Rest API module for Drupal CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...) - TODO: check + NOT-FOR-US: Node2Node module for Drupal CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...) - TODO: check + NOT-FOR-US: quota_by_role (Quota by role) module for Drupal CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...) - TODO: check + NOT-FOR-US: Node Browser module for Drupal CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...) - TODO: check + NOT-FOR-US: Subdomain Manager module for Drupal CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...) TODO: check CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...) - TODO: check + NOT-FOR-US: Datavore Gyro CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...) - TODO: check + NOT-FOR-US: D-Link DIR-400 wireless router CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports Server CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports Server CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...) - TODO: check + NOT-FOR-US: SAP Crystal Reports Server CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...) - TODO: check + NOT-FOR-US: HotWeb Rentals CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...) 
- TODO: check + NOT-FOR-US: Linksys WRT54GL wireless router CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...) - TODO: check + NOT-FOR-US: FreeSSHD CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...) - TODO: check + NOT-FOR-US: McAfee Email and Web Security Appliance CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...) - TODO: check + NOT-FOR-US: Magic Morph CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...) - TODO: check + NOT-FOR-US: plugin for Serendipity CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...) - TODO: check + NOT-FOR-US: PHP Pro Bid CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...) - TODO: check + NOT-FOR-US: TurtuShout component 0.11 for Joomla! CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...) NOT-FOR-US: Lhacky! Extensions Cave Joomla! CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...) @@ -1650,11 +1648,10 @@ NOT-FOR-US: PG MatchMaking CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...) NOT-FOR-US: Basilic -CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass] +CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...) - backuppc 3.1.0-7 (low; bug #542218) [etch] - backuppc <no-dsa> (Requires access) [lenny] - backuppc <no-dsa> (Requires access) - TODO: request CVE id CVE-2009-XXXX [burn: Insecure escaping of file names] - burn 0.4.5-1 (low; bug #542329) [lenny] - burn 0.4.3-2.1+lenny1 @@ -1829,7 +1826,7 @@ CVE-2009-2818 RESERVED CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple iTunes CVE-2009-2816 RESERVED CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...) 
@@ -2443,11 +2440,11 @@ CVE-2009-2683 RESERVED CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2009-2681 RESERVED CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...) - TODO: check + NOT-FOR-US: HP StorageWorks CVE-2009-2679 RESERVED CVE-2009-2678
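Review bot: In the @@ -42,76 +42,74 @@ hunk, CVE-2009-3349 (SQL injection in Datavore Gyro 5.0) stays as an unchanged `TODO: check` context line, while the adjacent CVE-2009-3348 for the same product becomes `NOT-FOR-US: Datavore Gyro`. If that was not deliberate, give CVE-2009-3349 the same `NOT-FOR-US: Datavore Gyro` line so the two entries agree. Separately, CVE-2009-3368, CVE-2009-3357 and CVE-2009-3342 in this hunk all get the generic `NOT-FOR-US: component for Joomla!`; naming the component, as the CVE-2009-3335 line does with `TurtuShout component 0.11 for Joomla!`, would keep these entries searchable by product.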
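Review bot: In the @@ -1650,11 +1648,10 @@ hunk, the CVE-2009-3369 header is written over the CVE-2009-XXXX placeholder in place, so the BackupPC entry now sits after CVE-2009-2881, while the @@ -42,76 +42,74 @@ hunk deletes it from its slot between CVE-2009-3370 and CVE-2009-3368. The visible entries run in descending CVE order, so consider keeping the header where it was and moving the three backuppc lines (`- backuppc 3.1.0-7 (low; bug #542218)` and the two `<no-dsa>` lines) up under it, then deleting the placeholder block here. Dropping `TODO: request CVE id` is consistent with the log message.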