Author: nion
Date: 2010-03-11 08:50:03 +0000 (Thu, 11 Mar 2010)
New Revision: 14246
Modified:
data/CVE/list
Log:
- NFUs
- CVE-2010-0717 fixed in moin 1.9.0~rc2-1
- new mydms issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-03-11 07:55:12 UTC (rev 14245)
+++ data/CVE/list 2010-03-11 08:50:03 UTC (rev 14246)
@@ -9,33 +9,33 @@
TODO: File bug
NOTE:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS)
...)
- TODO: check
+ NOT-FOR-US: com_ksadvertiser component for Joomla!
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament
Brackets ...)
- TODO: check
+ NOT-FOR-US: com_hotbrackets component for Joomla!
CVE-2010-0944 (Directory traversal vulnerability in the JCollection
(com_jcollection) ...)
- TODO: check
+ NOT-FOR-US: com_jcollection component for Joomla!
CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase
(com_jashowcase) ...)
- TODO: check
+ NOT-FOR-US: com_jashowcase component for Joomla!
CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect ...)
- TODO: check
+ NOT-FOR-US: com_jvideodirect component for Joomla!
CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek
Systems ...)
- TODO: check
+ NOT-FOR-US: eTek Systems Hit Counter
CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in
Simple ...)
- TODO: check
+ NOT-FOR-US: Simple PHP Guestbook
CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the
web root ...)
- TODO: check
+ NOT-FOR-US: Visialis ABB Forum
CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in
Todoo ...)
- TODO: check
+ NOT-FOR-US: Todoo Forum
CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library
before ...)
- TODO: check
+ NOT-FOR-US: Visualization Library
CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the
D-LINK ...)
- TODO: check
+ NOT-FOR-US: D-LINK firmware
CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF
Portfolio ...)
- TODO: check
+ NOT-FOR-US: com_if_nexus component for Joomla!
CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn
...)
- TODO: check
+ NOT-FOR-US: Winn Guestbook
CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK
PHP ...)
- TODO: check
+ NOT-FOR-US: phpFK PHP Forum
CVE-2010-XXXX [vlc bookmarks memory corruption]
- vlc <undetermined>
NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
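Review bot: The NOT-FOR-US text for CVE-2009-4679 names only "com_if_nexus component for Joomla!", while the visible description calls the product "inertialFATE iF Portfolio", so a search of the list by product name will not find the triage decision. Consider carrying the product name into the note next to the component id. The same applies to CVE-2010-0936, where "D-LINK firmware" is much broader than the other entries in this hunk and does not say which device the auth.asp issue was checked against.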
@@ -570,8 +570,7 @@
{DSA-2009-1}
- tdiary 2.2.1-1.1 (low; bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded
in ...)
- - moin <undetermined>
- TODO: check
+ - moin 1.9.0~rc2-1
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in
...)
- ngircd <not-affected> (SSL/TLS support not yet present)
TODO: Recheck when 0.15 gets uploaded
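Review bot: The new "- moin 1.9.0~rc2-1" line for CVE-2010-0717 records a fixed version but no urgency and no bug reference, unlike the tdiary entry just above it, which carries "(low; bug #572417)". Since the CVE concerns the default configuration of cfg.packagepages_actions_excluded, a NOTE stating where the fixed version comes from (upstream changelog or commit) would let the next person verify it, and the entry should say whether releases shipping an older moin still need tracking now that "TODO: check" is removed.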
@@ -1707,9 +1706,10 @@
- makepasswd 1.10-5 (low; bug #564559)
[lenny] - makepasswd <no-dsa> (Minor issue)
CVE-2010-XXXX [mydms multiple issues]
- - mydms <undetermined> (low)
- TODO: check
+ - mydms <unfixed> (low)
+ TODO: write bug report
NOTE: http://seclists.org/fulldisclosure/2010/Jan/267
+ NOTE: CVE ids requested
CVE-2010-0350 (Directory traversal vulnerability in the Photo Book
(goof_fotoboek) ...)
NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp.
WebCalenderC3 ...)
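Review bot: "NOTE: CVE ids requested" on the mydms entry does not say where or when the request was made, so nobody else can follow it up or tell whether it is stale. Add the reference to the request next to the existing seclists.org NOTE. The entry is also titled "mydms multiple issues" under a single CVE-2010-XXXX placeholder, so it will need splitting once ids are assigned, and "TODO: write bug report" should be replaced by the bug number as soon as the report is filed, because "<unfixed> (low)" with no bug leaves the maintainer unaware of the issue.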