Author: gilbert-guest Date: 2010-05-08 04:26:34 +0000 (Sat, 08 May 2010) New Revision: 14636 Modified: data/CVE/list Log: NFUs and some new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-08 03:09:34 UTC (rev 14635) +++ data/CVE/list 2010-05-08 04:26:34 UTC (rev 14636) 
@@ -207,51 +207,61 @@ CVE-2010-1747 RESERVED CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...) - TODO: check + NOT-FOR-US: com_grid component for joomla! CVE-2010-1745 (SQL injection vulnerability in ...) - TODO: check + NOT-FOR-US: Campsite CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...) - TODO: check + NOT-FOR-US: B2B Gold Script CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...) - TODO: check + NOT-FOR-US: Scratcher CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...) - TODO: check + NOT-FOR-US: Scratcher CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC ...) - TODO: check + NOT-FOR-US: Billwerx CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows ...) - TODO: check + NOT-FOR-US: GuppY CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...) - TODO: check + NOT-FOR-US: com_newsfeeds component for joomla! CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) + - lxr <undetermined> + - lxr-cvs <undetermined> TODO: check CVE-2010-1737 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Gallo CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: KrM Haber CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...) + - ocsinventory-server <undetermined> TODO: check CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...) 
- TODO: check + NOT-FOR-US: Zikula Application Framework CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...) - TODO: check + - chromium-browser <unfixed> + NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults) + NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...) - TODO: check + - kdelibs <undetermined> + - kde4libs <undetermined> + NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...) - TODO: check + - webkit <unfixed> + - qt4-x11 <undetermined> + NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects + NOTE: dos-only on webkit CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...) - TODO: check + NOT-FOR-US: Opera CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...) - TODO: check + NOT-FOR-US: JobPost CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...) - TODO: check + NOT-FOR-US: EC21 CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone ...) - TODO: check + NOT-FOR-US: Alibaba Clone Platinum CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...) - TODO: check + NOT-FOR-US: Zikula Application Framework CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...) TODO: check CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...) 
@@ -267,51 +277,51 @@ CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...) TODO: check CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...) - TODO: check + NOT-FOR-US: com_drawroot component for joomla! CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...) - TODO: check + NOT-FOR-US: com_market component for joomla! CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka ...) - TODO: check + NOT-FOR-US: com_iproperty component for joomla! CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) ...) - TODO: check + NOT-FOR-US: com_qpersonel component for joomla! CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle ...) - TODO: check + NOT-FOR-US: com_mtfireeagle component for joomla! CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...) - TODO: check + NOT-FOR-US: com_archeryscores component for joomla! CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT ...) - TODO: check + NOT-FOR-US: com_if_surfalert component for joomla! CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) ...) - TODO: check + NOT-FOR-US: com_agenda component for joomla! CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka ...) - TODO: check + NOT-FOR-US: com_onlineexam component for joomla! CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games ...) - TODO: check + NOT-FOR-US: com_arcadegames component for joomla! CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Webmobo WB News CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...) 
TODO: check CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...) - TODO: check + NOT-FOR-US: Siestta CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...) - TODO: check + NOT-FOR-US: G5-Scripts CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...) - TODO: check + NOT-FOR-US: Free Realty CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...) - TODO: check + NOT-FOR-US: Piwigo CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...) - TODO: check + NOT-FOR-US: 2daybiz Auction Script CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...) - TODO: check + NOT-FOR-US: Modelbook CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...) - TODO: check + NOT-FOR-US: 2daybiz Polls Script CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: 2daybiz Polls Script CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...) - TODO: check + NOT-FOR-US: WHMCompleteSolution CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...) - TODO: check + NOT-FOR-US: PHP Video Battle Script CVE-2010-1700 RESERVED CVE-2010-1699 @@ -339,11 +349,11 @@ CVE-2010-1688 RESERVED CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...) - TODO: check + NOT-FOR-US: Mocha W32 LPD CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC ...) - TODO: check + NOT-FOR-US: Urgent Backup CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows ...) - TODO: check + NOT-FOR-US: CursorArts ZipWrangler CVE-2010-1684 RESERVED CVE-2010-1683 
@@ -351,7 +361,7 @@ CVE-2010-1682 RESERVED CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft Office Visio CVE-2010-1680 RESERVED CVE-2010-1679 @@ -383,6 +393,7 @@ CVE-2010-1666 RESERVED CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...) + - chromium-browser <undetermined> TODO: check CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...) TODO: check
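Review bot: In the `@@ -207,51 +207,61 @@` hunk, the CVE-2010-1730 entry lacks a NOTE explaining why `kdelibs` and `kde4libs` are listed for an issue whose description names "Dolphin Browser 2.5.0 on the HTC Hero". The only NOTE on that entry is the shared "CVE-2010-1729/1730/1731 are the same issue but with different effects" line, which does not say what was tested or which code in the KDE libraries is involved. Suggest adding a NOTE with the observed behaviour, as the CVE-2010-1731 entry does for chromium ("various crashes on window close after opening the file"), so a later triager can tell this mapping is deliberate and not a confusion with KDE's Dolphin. The same hunk records "dos-only on webkit" for CVE-2010-1729 while leaving `webkit <unfixed>` without an urgency tag; if the impact really is limited to a crash, putting the urgency on the package line would make that visible in the tracker views as well.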
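Review bot: In the `@@ -383,6 +393,7 @@` hunk, CVE-2010-1665 gains `- chromium-browser <undetermined>` but the adjacent CVE-2010-1664, whose description starts with the same "Google Chrome before 4.1.249.1064", is left as a bare `TODO: check` with no package line. If both come from the same upstream release, suggest adding the `chromium-browser` line to CVE-2010-1664 in the same commit so the two entries are triaged together. If the omission is intentional, a short NOTE on CVE-2010-1664 saying why it differs would avoid a second look.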