Author: gilbert-guest
Date: 2010-03-27 02:36:36 +0000 (Sat, 27 Mar 2010)
New Revision: 14330

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-03-26 23:16:16 UTC (rev 14329)
+++ data/CVE/list 2010-03-27 02:36:36 UTC (rev 14330)
@@ -7,65 +7,65 @@ CVE-2010-1119 (Unspecified vulnerability in Safari on Apple iPhone OS allows remote ...) TODO: check CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...) - TODO: check + NOT-FOR-US: Internet Explorer CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: LookMer Music Portal CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...) - TODO: check + NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) - TODO: check + NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...) - TODO: check + NOT-FOR-US: Web Server Creator - Web Portal CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...) - TODO: check + NOT-FOR-US: KloNews CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...) - TODO: check + NOT-FOR-US: Jokes Complete Website CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...) - TODO: check + NOT-FOR-US: phpMySport CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...) - TODO: check + NOT-FOR-US: phpMySport CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...) - TODO: check + NOT-FOR-US: third-party Drupal module CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...) - TODO: check + NOT-FOR-US: third-party Drupal module CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...) - TODO: check + NOT-FOR-US: AdvertisementManager CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...) 
- TODO: check + NOT-FOR-US: AdvertisementManager CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...) TODO: check CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...) TODO: check CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...) - TODO: check + NOT-FOR-US: OmniWeb CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...) - TODO: check + NOT-FOR-US: Alexander Clauss iCab CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...) TODO: check CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...) TODO: check CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...) - TODO: check + NOT-FOR-US: DeDeCMS CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...) - TODO: check + NOT-FOR-US: ScriptsFeed Dating Software CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Tracking Requirements & Use Cases CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...) - TODO: check + NOT-FOR-US: Auktionshaus V4rgo CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...) - TODO: check + NOT-FOR-US: 1024 CMS CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...) - TODO: check + NOT-FOR-US: ScriptsFeed Business Directory CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...) - TODO: check + NOT-FOR-US: phpMySite CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...) - TODO: check + NOT-FOR-US: phpMySite CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...) 
- TODO: check + NOT-FOR-US: PHP Trouble Ticket CVE-2010-1088 RESERVED CVE-2010-1087 
@@ -79,91 +79,91 @@ CVE-2010-1083 RESERVED CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...) - TODO: check + NOT-FOR-US: OI.Blogs CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...) - TODO: check + NOT-FOR-US: com_communitypolls component for Joomla! CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...) - TODO: check + NOT-FOR-US: Pulse CMS CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...) - TODO: check + NOT-FOR-US: Sawmill CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...) - TODO: check + NOT-FOR-US: Xlent Projects SphereCMS CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...) - TODO: check + NOT-FOR-US: Crawlability vBSEO plugin for vBulletin CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...) - TODO: check + NOT-FOR-US: Entry Level CMS CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...) - TODO: check + NOT-FOR-US: Entry Level CMS CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...) - TODO: check + NOT-FOR-US: Currency Exchange module for Drupal CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...) - TODO: check + NOT-FOR-US: com_jembed component for Joomla! CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...) - TODO: check + NOT-FOR-US: Sniggabo CMS CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...) - TODO: check + NOT-FOR-US: phpMDJ CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...) - TODO: check + NOT-FOR-US: ImagoScripts CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...) 
- TODO: check + NOT-FOR-US: ProArcadeScript CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...) - TODO: check + NOT-FOR-US: NetWin SurgeFTP CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: E-membres CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...) - TODO: check + NOT-FOR-US: AR Web Content Manager CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...) - TODO: check + NOT-FOR-US: Lebisoft Ziparetci Defteri CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Erolife AjxGaleri VT CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...) - TODO: check + NOT-FOR-US: Phpkobo Free Real Estate Contact Form CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...) - TODO: check + NOT-FOR-US: Phpkobo Free Real Estate Contact Form CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...) - TODO: check + NOT-FOR-US: Phpkbo Short URL CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...) - TODO: check + NOT-FOR-US: Phpkobo Short URL CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...) - TODO: check + NOT-FOR-US: Phpkobo Address Book Script CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...) - TODO: check + NOT-FOR-US: Phpkobo Adress Book Script CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...) - TODO: check + NOT-FOR-US: Phpkobo AdFreely CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...) - TODO: check + NOT-FOR-US: com_rokdownloads component for Joomla! CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...) 
- TODO: check + NOT-FOR-US: osDate CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...) - TODO: check + NOT-FOR-US: ParsCMS CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...) - TODO: check + NOT-FOR-US: Zen Time Tracking CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: AudiStat CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...) - TODO: check + NOT-FOR-US: AudiStat CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...) - TODO: check + NOT-FOR-US: AudiStat CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...) - TODO: check + NOT-FOR-US: Uiga Business Portal CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...) - TODO: check + NOT-FOR-US: Uiga Business Portal CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...) - TODO: check + NOT-FOR-US: MASA2EL Music City CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...) - TODO: check + NOT-FOR-US: Rostermain CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...) - TODO: check + NOT-FOR-US: com_productbook component for Joomla! CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...) - TODO: check + NOT-FOR-US: ManageEngine OpUtils CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...) - TODO: check + NOT-FOR-US: jaxCMS CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...) - TODO: check + NOT-FOR-US: Microsoft Windows Media Player CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...) 
- TODO: check + NOT-FOR-US: IBM DB2 Content Manager Toolkit CVE-2010-1040 (The "IP address range limitation" function in OpenPNE 1.6 through 1.8, ...) - TODO: check + NOT-FOR-US: OpenPNE CVE-2010-1039 RESERVED CVE-2010-1038 
@@ -187,59 +187,59 @@ CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) TODO: check CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...) - TODO: check + NOT-FOR-US: travelmate extension for typo3 CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...) - TODO: check + NOT-FOR-US: tmsw_cleandb extension for typo3 CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...) - TODO: check + NOT-FOR-US: tgm_newsletter extension for typo3 CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...) - TODO: check + NOT-FOR-US: tgm_newsletter extension for typo3 CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...) - TODO: check + NOT-FOR-US: taskcenter_recent extension for typo3 CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...) - TODO: check + NOT-FOR-US: t3sec_saltedpw extension for typo3 CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...) - TODO: check + NOT-FOR-US: t3quixplorer extension for typo3 CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...) - TODO: check + NOT-FOR-US: sk_simplegallery extension for typo3 CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...) - TODO: check + NOT-FOR-US: sk_simplegallery extension for typo3 CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...) - TODO: check + NOT-FOR-US: sk_bookreview extension for typo3 CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...) - TODO: check + NOT-FOR-US: sav_filter_months extension for typo3 CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...) - TODO: check + NOT-FOR-US: sav_filter_selectors extension for typo3 CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...) 
- TODO: check + NOT-FOR-US: sav_filter_abc extension for typo3 CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...) - TODO: check + NOT-FOR-US: reports_logview extension for typo3 CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...) - TODO: check + NOT-FOR-US: pd_diocesedatabase extension for typo3 CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...) - TODO: check + NOT-FOR-US: nf_cleandb extension for typo3 CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...) - TODO: check + NOT-FOR-US: mydashboard extension for typo3 CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...) - TODO: check + NOT-FOR-US: mk_wastebasket extension for typo3 CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...) - TODO: check + NOT-FOR-US: educator extension for typo3 CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...) - TODO: check + NOT-FOR-US: chsellector extension for typo3 CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...) - TODO: check + NOT-FOR-US: ch_lightem extension for typo3 CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...) - TODO: check + NOT-FOR-US: brainstorming extension for typo3 CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...) - TODO: check + NOT-FOR-US: yatse extension for typo3 CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...) - TODO: check + NOT-FOR-US: yatse extension for typo3 CVE-2009-4738 RESERVED CVE-2009-4737 RESERVED CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...) - TODO: check + NOT-FOR-US: CommonSense CMS CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52] - glpi <unfixed> (bug #574760) - moodle <unfixed> (bug #574757) 
@@ -256,7 +256,7 @@ - redmine 0.9.3-3 TODO: Check severity, Lenny status CVE-2010-1003 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: eFront-learning CVE-2010-1002 RESERVED CVE-2010-1001 @@ -1188,7 +1188,7 @@ CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...) NOT-FOR-US: ActiveX CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...) - TODO: check + NOT-FOR-US: Orbital Viewer CVE-2010-0687 RESERVED CVE-2010-0686 @@ -1415,9 +1415,9 @@ CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...) NOT-FOR-US: EMC HomeBase Server CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...) - TODO: check + NOT-FOR-US: Lexmark laser printers CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...) - TODO: check + NOT-FOR-US: Lexmark laser and injet printers and MarkNet devices CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...) NOT-FOR-US: evalSMSI CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...) 
@@ -1481,27 +1481,27 @@ CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...) - TODO: check + NOT-FOR-US: CiscoIOS CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2010-0575 RESERVED CVE-2010-0574 @@ -1834,7 +1834,7 @@ CVE-2010-0466 RESERVED CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...) - roundcube 0.3.1-3 (bug #569660) CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...) 
@@ -8237,7 +8237,7 @@ [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19) - linux-2.6.24 <removed> (medium) CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...) - TODO: check + NOT-FOR-US: SpringSource tc Server, Application Management Suite, Hyperic HQ Open Source, and Hyperic Enterprise CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...) {DSA-1908-1} - samba 2:3.4.2-1 (low; bug #550423)
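Review bot: In the @@ -7,65 +7,65 @@ hunk, CVE-2010-1108 and CVE-2010-1107 both get "NOT-FOR-US: third-party Drupal module" without naming the module, although their descriptions name the Control Panel and Recent Comments modules. The @@ -79,91 +79,91 @@ hunk writes "Currency Exchange module for Drupal" for CVE-2010-1074; naming the module the same way here would tell the two entries apart and let a search by module name find them.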
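Review bot: Three NOT-FOR-US notes in the @@ -79,91 +79,91 @@ hunk misspell the product: "Lebisoft Ziparetci Defteri" for CVE-2010-1065 (the description has "Ziyaretci"), "Phpkbo Short URL" for CVE-2010-1061 (the description has "Phpkobo"), and "Phpkobo Adress Book Script" for CVE-2010-1058 (the note for CVE-2010-1059 has "Address"). Suggest correcting all three so that a search of the list by product name matches every entry for that product.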
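Review bot: Every note added in the @@ -187,59 +187,59 @@ hunk writes "extension for typo3" in lower case, while the descriptions on the same entries use "TYPO3" (for example CVE-2010-1022 and CVE-2010-1009). Suggest "extension for TYPO3" throughout, so the notes match the upstream spelling and a case-sensitive search for the product finds them.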
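Review bot: In the @@ -1415,9 +1415,9 @@ hunk, the note for CVE-2010-0618 has a typo, "injet" for "inkjet". The two Lexmark entries also get different product notes ("Lexmark laser printers" for CVE-2010-0619, "Lexmark laser and injet printers and MarkNet devices" for CVE-2010-0618) although both descriptions open with the same component list; if the affected products are the same, use one wording for both.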
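Review bot: In the @@ -1481,27 +1481,27 @@ hunk, CVE-2010-0580 is marked "NOT-FOR-US: CiscoIOS" while the ten neighbouring entries use "Cisco IOS". Suggest adding the space so the entry is not missed when the list is searched for "Cisco IOS".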