Author: gilbert-guest Date: 2010-05-11 23:21:12 +0000 (Tue, 11 May 2010) New Revision: 14679 Modified: data/CVE/list Log: NFUs and new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-11 22:31:12 UTC (rev 14678) +++ data/CVE/list 2010-05-11 23:21:12 UTC (rev 14679) 
@@ -5,103 +5,110 @@ CVE-2010-1869 RESERVED CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...) + - php <undetermined> TODO: check CVE-2010-1867 (SQL injection vulnerability in the ...) - TODO: check + NOT-FOR-US: Campsite CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) + - php <undetermined> TODO: check CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...) - TODO: check + NOT-FOR-US: ClanSphere CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...) + - php <undetermined> TODO: check CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) - TODO: check + NOT-FOR-US: ClanTiger CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...) + - php <undetermined> TODO: check CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...) + - php <undetermined> TODO: check CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...) + - php <undetermined> TODO: check CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...) - TODO: check + NOT-FOR-US: com_smestorage component for joomla! CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...) - TODO: check + NOT-FOR-US: RepairShop2 CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...) - TODO: check + NOT-FOR-US: RepairShop2 CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch & Bid ...) - TODO: check + NOT-FOR-US: Pay Per Watch & Bid Auktions System CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...) 
- TODO: check + NOT-FOR-US: Pay Per Watch & Bid Auktions System CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...) - TODO: check + - transmission 1.92-1 CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...) - TODO: check + NOT-FOR-US: Invisible Hand extension for chromium CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...) - TODO: check + NOT-FOR-US: Logoshows BBS CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...) - TODO: check + NOT-FOR-US: Logoshows BBS CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...) - TODO: check + NOT-FOR-US: PHPCityPortal CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...) - TODO: check + NOT-FOR-US: Nasim Guest Book CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...) - TODO: check + NOT-FOR-US: Hitron Soft Answer Me CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Tuniac CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt''s ...) - TODO: check + NOT-FOR-US: Matt''s Script Archive (MSA) Simple Search CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...) - TODO: check + NOT-FOR-US: I-Escorts Directory Script and Agency Script CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: I-Escorts Directory Script and Agency Script CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...) - TODO: check + NOT-FOR-US: UltraPlayer Media Player CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...) 
- TODO: check + NOT-FOR-US: Alwasel CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...) - TODO: check + NOT-FOR-US: SupportPRO SupportDesk CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...) - TODO: check + NOT-FOR-US: Typing Pal CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...) - TODO: check + NOT-FOR-US: Online Work Order Suite (OWOS) CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...) - TODO: check + NOT-FOR-US: Yahoo Answers Clone CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...) - TODO: check + NOT-FOR-US: PHP Photo Vote CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) - TODO: check + NOT-FOR-US: PHP Easy Shopping Cart CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) + - typo3 <undetermined> TODO: check CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) - TODO: check + NOT-FOR-US: TalkBack CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) - TODO: check + NOT-FOR-US: JumpBox CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...) - TODO: check + NOT-FOR-US: SemanticScuttle CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...) - TODO: check + NOT-FOR-US: Awingsoft Awakening Winds3D Viewer CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) 
- TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: Deliantra Server CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...) - TODO: check + NOT-FOR-US: Deliantra Server CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...) - TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...) - TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...) - TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...) - TODO: check + NOT-FOR-US: ToutVirtual VirtualIQ Pro CVE-2010-1850 RESERVED CVE-2010-XXXX [serendipity xinha issue] @@ -451,9 +458,9 @@ CVE-2010-1691 RESERVED CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1688 RESERVED CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...) @@ -798,7 +805,7 @@ CVE-2010-1550 RESERVED CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...) - TODO: check + NOT-FOR-US: HP LoadRunner CVE-2010-1548 RESERVED CVE-2010-1547 @@ -1121,7 +1128,7 @@ CVE-2010-1452 RESERVED CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...) - TODO: check + - linux-2.6 2.6.32-10 CVE-2010-1450 RESERVED CVE-2010-1449 
@@ -1591,7 +1598,6 @@ NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27 CVE-2010-XXXX [dovecot wrong Mail dir permissions] - dovecot 1:1.2.11-1 (low) - TODO: check NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html CVE-2010-XXXX [Linux ThinkPad video output status local DoS] - linux-2.6 2.6.32-12 (bug #565790) @@ -1891,7 +1897,7 @@ [lenny] - libnids <no-dsa> (Minor issue) NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...) - TODO: check + NOT-FOR-US: VMware CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) NOT-FOR-US: VMware products CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...) @@ -3603,7 +3609,6 @@ CVE-2010-XXXX [multiple mod_security issues] - libapache-mod-security 2.5.12-1 (bug #569658) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455 - TODO: check CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...) - linux-2.6 2.6.32-9 [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
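Review bot: In the first hunk (@@ -5,103 +5,110 @@), CVE-2010-1852 and CVE-2010-1851 describe the same Invisible Hand extension but get different kinds of NOT-FOR-US reason: 1852 names the browser ("Microsoft Internet Explorer") while 1851 names the extension ("Invisible Hand extension for chromium"). Use the extension as the reason in both so a later search for the product finds both entries, for example "NOT-FOR-US: Invisible Hand extension for Internet Explorer". In the same hunk, the CVE-2009-4866 reason carries the doubled apostrophe from the truncated description ("Matt''s Script Archive"); a single apostrophe is what is meant.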
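Review bot: In the hunk at @@ -1121,7 +1128,7 @@, CVE-2010-1451 is closed with "- linux-2.6 2.6.32-10" and nothing else, so the entry gives no way to verify the fixed version and says nothing about older releases. Other kernel entries in this file carry a bug reference or a per-release line (for example "[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)" under CVE-2010-0623); add a NOTE pointing at the fix for arch/sparc/kernel/tsb.S and a release-specific status line if one applies.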
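Review bot: In the hunk at @@ -1891,7 +1897,7 @@, the reason added for CVE-2010-1143 is "NOT-FOR-US: VMware", while the next entry, CVE-2010-1142, uses "NOT-FOR-US: VMware products". Match the existing wording, or name the product from the description ("VMware View"), so the NOT-FOR-US reasons for the same vendor stay consistent.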