Author: jmm-guest Date: 2010-05-28 21:44:15 +0000 (Fri, 28 May 2010) New Revision: 14765 Modified: data/CVE/list Log: new webgui issue NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-28 21:38:10 UTC (rev 14764) +++ data/CVE/list 2010-05-28 21:44:15 UTC (rev 14765) @@ -1,9 +1,9 @@ CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and ...) - TODO: check + NOT-FOR-US: Orbit Downloader CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...) TODO: check CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Webby Webserver CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...) - php5 <unfixed> (unimportant) NOTE: Only triggerable through malicious script 
@@ -30,37 +30,37 @@ CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...) TODO: check CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...) - TODO: check + NOT-FOR-US: Microsoft OWA CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...) - TODO: check + NOT-FOR-US: IBM Communications Server CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...) TODO: check CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...) - TODO: check + NOT-FOR-US: Microsoft .NET CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: Oracle Mojarra CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...) - TODO: check + NOT-FOR-US: Apache MyFaces CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...) - TODO: check + NOT-FOR-US: Microsoft .NET CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property ...) - TODO: check + NOT-FOR-US: Microsoft .NET CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system ...) - TODO: check + NOT-FOR-US: Microsoft Dynamics GP CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2010-2081 RESERVED CVE-2010-2080 RESERVED CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...) - TODO: check + NOT-FOR-US: Novell Access Manager CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...) - TODO: check + NOT-FOR-US: Novell Access Manager CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI ...) - TODO: check + - webgui 7.7.22-1 CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...) 
- TODO: check + NOT-FOR-US: Netrix CMS CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of ...) TODO: check CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment ...) @@ -68,12 +68,11 @@ CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software ...) TODO: check CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended ...) - TODO: check + NOT-FOR-US: DataTrack System CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root ...) - TODO: check + NOT-FOR-US: DataTrack System CVE-2010-2077 REJECTED - TODO: check CVE-2010-2076 RESERVED CVE-2010-2075
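Review bot: In the @@ -30,37 +30,37 @@ hunk, CVE-2009-4877 is closed with `- webgui 7.7.22-1` but carries no NOTE line saying where that fixed version comes from; a one-line NOTE pointing at the changelog entry that addresses the CSRF issues would let the next person verify it. In the same hunk, `NOT-FOR-US: Cisco` names only the vendor where the other entries name the product (the description reads "Cisco Scientific Atlanta WebSTAR DPC2100R2"). CVE-2010-2087 and CVE-2010-2086 are marked NOT-FOR-US for Oracle Mojarra and Apache MyFaces, which their descriptions show are libraries used inside other products, so it is worth confirming that no package in the archive ships a copy before closing them.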
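Review bot: In the @@ -68,12 +68,11 @@ hunk, the `TODO: check` under `CVE-2010-2077 REJECTED` is deleted outright rather than replaced, which is the only change in the patch that alters the line count, and the log message "new webgui issue NFUs" does not mention it. Adding a few words to the log about dropping the TODO from the rejected entry would make that cleanup findable in history.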