Author: kees Date: 2010-05-06 01:12:31 +0000 (Thu, 06 May 2010) New Revision: 14611 Modified: data/CVE/list Log: NFUs: 31 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-05 21:36:38 UTC (rev 14610) +++ data/CVE/list 2010-05-06 01:12:31 UTC (rev 14611) @@ -1,7 +1,7 @@ CVE-2010-XXXX [gdomap file disclosure] - gnustep-base-runtime <unfixed> [lenny] - gnustep-base-runtime <not-affected> (Not installed setuid root) - NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 + NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...) TODO: check CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...) @@ -125,11 +125,11 @@ CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...) TODO: check CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...) - TODO: check + NOT-FOR-US: PHP-Quick-Arcade CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) ...) - TODO: check + NOT-FOR-US: PHP-Quick-Arcade CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript ...) - TODO: check + NOT-FOR-US: CLScript Classifieds Script CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio ...) NOT-FOR-US: component for Joomla! CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard ...) 
@@ -141,15 +141,15 @@ CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...) NOT-FOR-US: PowerEasy CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in ...) - TODO: check + NOT-FOR-US: Infocus Real Estate Enterprise Edition CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics ...) - TODO: check + NOT-FOR-US: Graphics component for Joomla! CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help ...) - TODO: check + NOT-FOR-US: Help Center Live CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1649 RESERVED CVE-2010-1648 
@@ -211,45 +211,45 @@ CVE-2010-1620 RESERVED CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...) - TODO: check + NOT-FOR-US: IBM WebSphere DataPower XML Accelerator CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...) - TODO: check + NOT-FOR-US: AlegroCart CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: OpenCart CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...) - TODO: check + NOT-FOR-US: SAP NetWeaver CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and ...) - TODO: check + NOT-FOR-US: IBM Lotus Notes CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web ...) - TODO: check + NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla! CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...) - TODO: check + NOT-FOR-US: NCT Jobs Portal Script CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs ...) - TODO: check + NOT-FOR-US: NCT Jobs Portal Script CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...) - TODO: check + NOT-FOR-US: NCT Jobs Portal Script CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or ...) - TODO: check + NOT-FOR-US: ZiMB Core component for Joomla! CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment ...) - TODO: check + NOT-FOR-US: ZiMB Comment component for Joomla! CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) ...) - TODO: check + NOT-FOR-US: JA Comment component for Joomla! CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...) - TODO: check + NOT-FOR-US: Media Mall Factory component for Joomla! CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and ...) 
- TODO: check + NOT-FOR-US: NKInFoWeb CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ...) - TODO: check + NOT-FOR-US: phpThumb() CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...) - TODO: check + NOT-FOR-US: ZipGenius CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...) TODO: check CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...) - TODO: check + NOT-FOR-US: MySQL Connector/NET CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...) - TODO: check + NOT-FOR-US: DLPCryptCore CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...) - TODO: check + NOT-FOR-US: Cerulean Studios Trillian CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...) - moodle <undetermined> TODO: check @@ -1651,7 +1651,7 @@ CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...) - arora <not-affected> (Advisory is wrong, URL range is protected by QUrl) CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...) NOT-FOR-US: Microsoft Windows CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...) @@ -1878,7 +1878,7 @@ CVE-2010-0998 RESERVED CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: e107 CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...) NOT-FOR-US: e107 CVE-2010-0995 @@ -2539,7 +2539,7 @@ CVE-2010-0818 RESERVED CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in ...) - TODO: check + NOT-FOR-US: Microsoft SharePoint Server CVE-2010-0816 RESERVED CVE-2010-0815 
@@ -2726,7 +2726,7 @@ - texlive-bin <unfixed> (low) [lenny] - texlive-bin <no-dsa> (minor issue) CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...) - TODO: check + NOT-FOR-US: Red Hat JBoss Enterprise Application Platform CVE-2010-0737 RESERVED CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
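Review bot: In the first hunk (@@ -1,7 +1,7 @@), the NOTE line under the gdomap file disclosure entry is removed and re-added with the same visible text, so it is a whitespace-only change that the log message ("NFUs: 31") does not cover. Commit the whitespace fix separately or mention it in the log, so that someone reading the history of the gnustep-base-runtime entry does not go looking for a triage change that is not there.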
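Review bot: In the @@ -211,45 +211,45 @@ hunk, CVE-2009-4832 is tagged "NOT-FOR-US: DLPCryptCore", but the description on the line above it names the dlpcrypt.sys kernel driver in DESlock+ 4.0.2, and "DLPCryptCore" appears nowhere in that description. Use the product name the description gives (NOT-FOR-US: DESlock+), as the other tags in this hunk do, so that a later search of the list for the product finds this entry.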
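Review bot: In the last hunk (@@ -2726,7 +2726,7 @@), CVE-2010-0738 is closed as "NOT-FOR-US: Red Hat JBoss Enterprise Application Platform", while the description locates the flaw in the JMX-Console web application in JBossAs. The tag names the vendor product and not the affected component; add a NOTE recording that no packaged JBoss AS ships the affected JMX-Console (or a package line if one does), so the reason for closing the entry is written down and not implied.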