Author: white Date: 2009-12-23 09:08:55 +0000 (Wed, 23 Dec 2009) New Revision: 13628 Modified: data/CVE/list Log: Some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-23 07:08:58 UTC (rev 13627) +++ data/CVE/list 2009-12-23 09:08:55 UTC (rev 13628) @@ -65,13 +65,13 @@ CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...) TODO: check CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...) - TODO: check + NOT-FOR-US: AlienVault Open Source Security Information Management CVE-2009-4374 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: AlienVault Open Source Security Information Management CVE-2009-4373 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: AlienVault Open Source Security Information Management CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...) - TODO: check + NOT-FOR-US: AlienVault Open Source Security Information Management CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...) TODO: check CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...) @@ -79,49 +79,49 @@ CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...) TODO: check CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...) - TODO: check + NOT-FOR-US: Centreon CVE-2009-4367 (The Staging Webservice ("sitecore modules/staging/service/api.asmx") ...) - TODO: check + NOT-FOR-US: Sitecore Staging Module CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) - TODO: check + NOT-FOR-US: ScriptsEz Ez Blog CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ScriptsEz Ez Blog CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) - TODO: check + NOT-FOR-US: ScriptsEz Ez Blog CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...) TODO: check CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...) - TODO: check + NOT-FOR-US: freebsd-update CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...) - TODO: check + NOT-FOR-US: IBM Rational ClearQuest CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...) - TODO: check + NOT-FOR-US: Winamp CVE-2009-4355 RESERVED CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...) - TODO: check + NOT-FOR-US: TransWARE Active CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...) - TODO: check + NOT-FOR-US: TransWARE Active CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...) - TODO: check + NOT-FOR-US: TransWARE Active CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...) - TODO: check + NOT-FOR-US: WSCreator CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...) - TODO: check + NOT-FOR-US: Arctic Issue Tracker CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...) - TODO: check + NOT-FOR-US: Link Up Gold CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...) - TODO: check + NOT-FOR-US: Harold Bakker''s NewsScript CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...) - TODO: check + NOT-FOR-US: daloRADIUS CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...) TODO: check CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...) @@ -145,27 +145,27 @@ CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...) TODO: check CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2009-XXXX [apache2: potential disclosure of private php files] - apache2 <unfixed> (low; bug #562006) CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow]