Author: geissert Date: 2009-10-25 20:54:39 +0000 (Sun, 25 Oct 2009) New Revision: 13093 Modified: data/CVE/list Log: NFUs corrections (including multiple different issues marked as NFUs) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-25 18:41:21 UTC (rev 13092) +++ data/CVE/list 2009-10-25 20:54:39 UTC (rev 13093) @@ -12826,7 +12826,8 @@ CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...) NOT-FOR-US: Kwalbum CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...) - NOT-FOR-US: ModSecurity + - libapache-mod-security <unfixed> + TODO: check CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...) @@ -21909,7 +21910,7 @@ CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...) NOT-FOR-US: Advanced Electron Forum (AEF) CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...) - NOT-FOR-US: Spreadsheet plugin + NOT-FOR-US: Wordpress Spreadsheet plugin CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...) NOT-FOR-US: e-publish CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...) @@ -23863,7 +23864,7 @@ - sun-java5 1.5.0-15-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...) - NOT-FOR-US: dnssec-tools + - dnssec-tools <not-affected> (first version in Debian was 1.4.1) CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...) NOT-FOR-US: Crafty Syntax Live Help CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense ...) 
@@ -37289,7 +37290,8 @@ CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...) NOT-FOR-US: Snaps! Gallery CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...) - NOT-FOR-US: Akismet + - wordpress <unfixed> + TODO: check CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...) NOT-FOR-US: iFdate CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...) @@ -46807,9 +46809,9 @@ CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...) NOT-FOR-US: OvBB CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...) - NOT-FOR-US: Cicso + NOT-FOR-US: Cisco CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...) - NOT-FOR-US: Cicso + NOT-FOR-US: Cisco CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...) NOT-FOR-US: Cisco CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) @@ -48513,7 +48515,8 @@ CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...) NOT-FOR-US: PHPartenaire CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...) - NOT-FOR-US: CakePHP + - cakephp <unfixed> + TODO: check CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...) NOT-FOR-US: exV2 CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...) @@ -50726,7 +50729,8 @@ CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...) NOT-FOR-US: pswd.js CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...) - NOT-FOR-US: CakePHP + - cakephp <unfixed> + TODO: check CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...) NOT-FOR-US: Microsoft CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...) 
@@ -53126,13 +53130,13 @@ CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...) NOT-FOR-US: IBM AIX CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: Open Business Management CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: Open Business Management CVE-2006-3008 REJECTED CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: SHOUTcast CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...) NOT-FOR-US: iFoto CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...) 
@@ -53142,17 +53146,17 @@ CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...) NOT-FOR-US: Ez Ringtone CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: Easy Ad-Manager CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: OkScripts product CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: OkScripts product CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: OkScripts product CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: OkScripts product CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...) - NOT-FOR-US: not packaged for Debian + NOT-FOR-US: QBoard CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...) - zope-zms <unfixed> (bug #373667; unimportant) [sarge] - zope-zms <no-dsa> (Only exploitable with register_globals) @@ -57539,7 +57543,7 @@ CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...) NOT-FOR-US: TrueVector CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...) - NOT-FOR-US: Not included in php-pear or php4-pear + NOT-FOR-US: PEAR Text_Password CVE-2006-XXXX [Insufficient filename sanitising in darcsweb] - darcsweb 0.15-1 CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...) 
@@ -60237,7 +60241,8 @@ {DSA-947-1} - clamav 0.88-1 CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers to cause a ...) - NOT-FOR-US: Alvaro''s Messenger + - amsn <unfixed> + TODO: check (possibly affects etch) CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...) NOT-FOR-US: Phanatic Softwares Chimera Web Portal System CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...) @@ -63140,7 +63145,7 @@ - flashplugin-nonfree 7.0.61-1 (bug #339290; high) [sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin) CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...) - NOT-FOR-US: FileZilla + NOT-FOR-US: FileZilla Server CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...) NOT-FOR-US: Advanced Guestbook CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...) @@ -69309,7 +69314,7 @@ CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Eudora CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...) - NOT-FOR-US: Mirosoft + NOT-FOR-US: Microsoft CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) NOT-FOR-US: Cisco CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
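Review bot: In the CVE-2008-5676 hunk, `- libapache-mod-security <unfixed>` asserts that the Debian package is affected while the adjacent `TODO: check` says this has not been verified, so the tracker will show an open issue that nobody has confirmed. Suggest confirming the affected ModSecurity versions against the packaged version before leaving `<unfixed>` in place, or stating the unverified status in the TODO note, and adding a bug reference and severity once checked, as other entries in this file do (e.g. `(bug #373667; unimportant)`).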
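Review bot: Product name spelling in the CVE-2008-1982 hunk: the project writes its name as "WordPress" (capital P), so `NOT-FOR-US: Wordpress Spreadsheet plugin` should read `NOT-FOR-US: WordPress Spreadsheet plugin` to match the product name.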
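Review bot: The `<not-affected>` rationale in the CVE-2008-1184 hunk, `(first version in Debian was 1.4.1)`, only holds if 1.4.1 is at or past the upstream fix, and the summary truncates that version ("dnssec-tools before ..."). Suggest recording the fixed upstream version in the note so a reader can verify the claim without re-reading the CVE, e.g. `- dnssec-tools <not-affected> (vulnerable before X; first version in Debian was 1.4.1)` with X taken from the CVE text.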
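Review bot: In the CVE-2007-2714 hunk the entry moves from `NOT-FOR-US: Akismet` to `- wordpress <unfixed>` with `TODO: check`; the CVE is in `akismet.php`, a plugin, so the check should first establish whether the Debian `wordpress` package ships that file at all, and in which plugin version. If it does not, the entry belongs back under NOT-FOR-US (naming the product, as the rest of this commit does); if it does, add the bug reference once filed.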
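Review bot: In the CVE-2006-5031 hunk `- cakephp <unfixed>` is recorded together with `TODO: check`; the summary locates the directory traversal in `app/webroot/js/vendors.php`, a path under the application directory rather than the core library, so the check should confirm that the Debian cakephp package ships that file before `<unfixed>` stands. CVE-2006-4067 receives the same `<unfixed>` / `TODO: check` pair later in this commit, so both CakePHP entries can be resolved in one pass against the same package version.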
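Review bot: Inconsistent product attribution in the CVE-2006-3003 and CVE-2006-3002 lines of this hunk: both summaries reference `details.php in Easy ...`, yet 3003 becomes `NOT-FOR-US: Easy Ad-Manager` while 3002 becomes `NOT-FOR-US: OkScripts product`. If Easy Ad-Manager is an OkScripts product, use one label for both lines (e.g. `NOT-FOR-US: Easy Ad-Manager (OkScripts)`); otherwise one of the two is mislabelled and should be corrected.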
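Review bot: The CVE-2005-4730 hunk replaces `NOT-FOR-US: Not included in php-pear or php4-pear` with `NOT-FOR-US: PEAR Text_Password`, which drops the packaging rationale; since PEAR itself is packaged, the reason this entry is NFU is precisely that Text_Password is not shipped, and a later reader will otherwise re-check it. Suggest keeping both: `NOT-FOR-US: PEAR Text_Password (not included in php-pear or php4-pear)`.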
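Review bot: In the CVE-2006-0138 hunk, `TODO: check (possibly affects etch)` sits next to `- amsn <unfixed>`; if etch turns out to be affected, this file's convention is a distribution sub-entry (as in the `[etch] - sun-java5 <no-dsa>` and `[sarge] - zope-zms <no-dsa>` lines elsewhere in this diff), so the TODO should be closed either by adding that `[etch]` line or by recording why etch is not affected. The summary reads "allows remote attackers to cause a ...", so a severity annotation would also help triage once the check is done.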