Author: gilbert-guest Date: 2010-06-16 01:12:39 +0000 (Wed, 16 Jun 2010) New Revision: 14876 Modified: data/CVE/list Log: nfus and various new issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-16 01:11:41 UTC (rev 14875) +++ data/CVE/list 2010-06-16 01:12:39 UTC (rev 14876) 
@@ -1,83 +1,86 @@ CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...) - TODO: check + NOT-FOR-US: Plume CMS CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...) - TODO: check + NOT-FOR-US: Dlink Di-604 CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web ...) - TODO: check + NOT-FOR-US: Dlink Di-604 Router CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone ...) - TODO: check + NOT-FOR-US: snom VoIP Phone CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in ...) - TODO: check + NOT-FOR-US: McAfee CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper ...) - TODO: check + NOT-FOR-US: Juniper Networks CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in ...) - TODO: check + NOT-FOR-US: Juniper Networks CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 ...) - TODO: check + NOT-FOR-US: TomatoCMS CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: TomatoCMS CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus ...) - TODO: check + NOT-FOR-US: IBM Lotus Connections CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...) - TODO: check + NOT-FOR-US: IBM Lotus Connections CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus ...) - TODO: check + NOT-FOR-US: IBM Lotus Connections CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) - TODO: check + NOT-FOR-US: IBM Lotus Connections CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before ...) - TODO: check + - dojo 1.4.2+dfsg-1 CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...) 
- TODO: check + - dojo 1.4.2+dfsg-1 CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, ...) - TODO: check + - dojo 1.4.2+dfsg-1 CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x ...) - TODO: check + - dojo 1.4.2+dfsg-1 CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...) - TODO: check + - dojo <not-affected> (only affects 0.4 branch) CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...) - TODO: check + NOT-FOR-US: Accoria Web Server CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable ...) - TODO: check + NOT-FOR-US: Accoria Web Server CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web ...) - TODO: check + NOT-FOR-US: Accoria Web Server CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in ...) - TODO: check + NOT-FOR-US: Accoria Web Server CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web ...) - TODO: check + NOT-FOR-US: Accoria Web Server CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...) + - nginx <undetermined> TODO: check CVE-2009-4895 [linux tty null ptr dereference] - linux-2.6 2.6.32-9 CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...) - TODO: check + NOT-FOR-US: PunBB CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when ...) - TODO: check + - unrealircd <itp> (bug #515130) CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit <undetermined> CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) 
+ - nginx <undetermined> + NOTE: claimed windows-only TODO: check CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) - TODO: check + NOT-FOR-US: Content Management System WEBjump! CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 ...) - TODO: check + NOT-FOR-US: CS-Cart CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login ...) - TODO: check + NOT-FOR-US: vBook CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel ...) - TODO: check + NOT-FOR-US: book_panel module for php-fusion CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail ...) - TODO: check + NOT-FOR-US: PHortail CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder ...) - TODO: check + NOT-FOR-US: CMS S.Builder CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 ...) - TODO: check + NOT-FOR-US: phpCommunity CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in ...) - TODO: check + NOT-FOR-US: phpCommunity CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when ...) - TODO: check + NOT-FOR-US: phpCommunity CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and ...) - TODO: check + NOT-FOR-US: PHPRecipeBook CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 ...) - wireshark 1.2.9-1 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 ...) 
@@ -89,23 +92,23 @@ CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in ...) - wireshark 1.2.9-1 CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Galileo Studens Team Weborf CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: Linksys WAP54Gv3 CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design ...) - TODO: check + NOT-FOR-US: Gabmbit Design Bandwidth Meter CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) ...) - TODO: check + NOT-FOR-US: com_bfsurvey component for joomla! CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in ...) - TODO: check + NOT-FOR-US: phpBannerExchange CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video ...) - TODO: check + NOT-FOR-US: Pay Per Minute Video Chat Script CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...) - TODO: check + NOT-FOR-US: Pay Per Minute Video Chat Script CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) ...) - TODO: check + NOT-FOR-US: com_bfsurvey component for joomla! CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...) - TODO: check + NOT-FOR-US: joomla! CVE-2010-2253 RESERVED CVE-2010-2252 @@ -235,7 +238,7 @@ CVE-2010-2194 RESERVED CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...) - TODO: check + NOT-FOR-US: CA Global Advisor CVE-2010-2192 RESERVED CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...) @@ -548,7 +551,7 @@ CVE-2010-2076 RESERVED CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...) - TODO: check + - unrealircd <itp> (bug #515130) CVE-2010-2074 [w3m NULL byte in SSL cert] RESERVED - w3m <unfixed> (low) 
@@ -617,7 +620,7 @@ CVE-2010-2055 RESERVED CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...) - TODO: check + NOT-FOR-US: SBLIM SFCB CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...) - emesene 1.6.2-1 (low) [lenny] - emesene <not-affected> (Introduced in 1.6.1) @@ -829,9 +832,9 @@ CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...) NOT-FOR-US: HP StorageWorks CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1960 (Buffer overflow in the error handling functionality in ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...) NOT-FOR-US: HP TestDirector for Quality Center CVE-2010-1958 @@ -878,7 +881,7 @@ - opie <unfixed> (bug #584932) [lenny] - opie <no-dsa> (Minor issue) CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...) - TODO: check + NOT-FOR-US: SBLIM SFCB CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) NOT-FOR-US: openMairie openComInterne CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...) @@ -908,7 +911,7 @@ CVE-2010-1932 RESERVED CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...) - TODO: check + NOT-FOR-US: CubeCart PHP Shopping Cart CVE-2010-1930 RESERVED CVE-2010-1929 @@ -972,7 +975,7 @@ CVE-2010-1886 RESERVED CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-1884 RESERVED CVE-2010-1883 
@@ -1917,9 +1920,9 @@ CVE-2010-1516 RESERVED CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: TomatoCMS CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...) - TODO: check + NOT-FOR-US: TomatoCMS CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 ...) - ziproxy 3.1.0-1 (bug #584933) [lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector) @@ -3370,7 +3373,7 @@ NOTE: http://seclists.org/bugtraq/2010/Apr/196 TODO: recheck when 1.4.3 gets uploaded to unstable CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...) - TODO: check + NOT-FOR-US: Creative Software AutoUpdate CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) NOT-FOR-US: Pulse CMS CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...) @@ -4810,7 +4813,7 @@ CVE-2010-0545 RESERVED CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - TODO: check + - webkit <undetermined> CVE-2010-0543 RESERVED CVE-2010-0542
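Review bot: in the first hunk (@@ -1,83 +1,86 @@), the CVE-2010-2263 entry adds `+ NOTE: claimed windows-only` next to `+ - nginx <undetermined>` while the unchanged `TODO: check` stays; if the Windows-only claim is confirmed on recheck, the entry should become `- nginx <not-affected> (Windows-only)` so the reason is recorded in the status line rather than only in the NOTE, and until then the TODO is the right thing to keep. The neighbouring CVE-2010-2266 nginx entry follows the same pattern and should be resolved together with it.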
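Review bot: the @@ -89,23 +92,23 @@ hunk introduces two typos in NOT-FOR-US labels and two labels that do not match the CVE descriptions beside them. `+ NOT-FOR-US: Galileo Studens Team Weborf` should read "Galileo Students Team Weborf" and `+ NOT-FOR-US: Gabmbit Design Bandwidth Meter` should read "Gambit Design Bandwidth Meter", matching the description text. For CVE-2010-2255 the label `+ NOT-FOR-US: com_bfsurvey component for joomla!` names the wrong component; the description says "BF Survey Pro (com_bfsurvey_pro)", which is a different extension from the com_bfsurvey one in CVE-2010-2259. For CVE-2010-2254 the label `+ NOT-FOR-US: joomla!` is broader than the description ("the Shape5 Bridge of Hope template for ..."); naming the template, as the other Joomla entries in this hunk name their component, avoids implying that Joomla itself is affected.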
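Review bot: in the @@ -548,7 +551,7 @@ hunk, CVE-2010-2075 is resolved with `+ - unrealircd <itp> (bug #515130)`, the same ITP reference used for CVE-2009-4893 in the first hunk, but the two issues are different in kind: the description here is "UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...", i.e. a tampered distribution tarball rather than a code defect. A short NOTE on this entry that the ITP upload must be built from an upstream tarball verified against the project's published checksums or signature would keep that distinction visible to whoever eventually packages it.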
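Review bot: the @@ -878,7 +881,7 @@ hunk marks CVE-2010-1937 ("Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...") as `+ NOT-FOR-US: SBLIM SFCB`, and the @@ -617,7 +620,7 @@ hunk does the same for CVE-2010-2054 ("Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ..."). Both concern the same file in the same component, so a NOTE cross-referencing the two entries would help: if sblim-sfcb is packaged later, both NOT-FOR-US lines need to be revisited at once, not just the one somebody happens to search for.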
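Review bot: in the @@ -4810,7 +4813,7 @@ hunk, CVE-2010-0544 replaces `- TODO: check` with `+ - webkit <undetermined>` and leaves nothing behind to flag the entry for follow-up, unlike the nginx entries in the first hunk, which keep their `TODO: check` alongside `<undetermined>`. The unchanged CVE-2010-2264 webkit entry in the first hunk is in the same state. Suggest keeping a `TODO: check` or adding a NOTE with what still needs confirming (which WebKit revision fixed it, whether the Debian webkit package carries that code) so the two `<undetermined>` webkit entries are not silently dropped from the open work list.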