Author: geissert
Date: 2010-06-30 17:01:54 +0000 (Wed, 30 Jun 2010)
New Revision: 14934
Modified:
data/CVE/list
Log:
python-mako issue
NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-06-30 16:46:42 UTC (rev 14933)
+++ data/CVE/list 2010-06-30 17:01:54 UTC (rev 14934)
@@ -1,3 +1,7 @@
+CVE-2010-XXXX [XSS in python mako''s escape.cgi]
+ - python-mako <undetermined>
+ TODO: check
+ NOTE: http://bugs.python.org/issue9061
CVE-2010-XXXX [XSS in paste.httpexceptions]
- python-paste 1.7.4-1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
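Review bot: The new python-mako title is ambiguous about where the flaw lives. "escape.cgi" reads like a CGI script name, and the only reference is a bugs.python.org issue rather than anything from mako itself. Please say in the title or in a NOTE whether the affected code is in mako or in the Python library it calls, since that decides which source package the `<undetermined>` line should end up on. The doubled apostrophe in "mako''s" also looks like an escaping leftover and should be a single one.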
@@ -4,27 +8,27 @@
NOTE: CVE requested
TODO: evaluate
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq
...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq)
...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi
Level ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web
Template ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz
Web ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video
...)
NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys
...)
NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote
...)
NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk
4.0 ...)
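Review bot: The Joomla entries (CVE-2010-2515, -2514, -2513, -2507) are tagged only as "component for Joomla!", while every other line in this hunk names the product, e.g. "2daybiz Web Template". Naming the component, e.g. "JFaq component for Joomla!" for the two JFaq ids, would keep the NOT-FOR-US reasons searchable by product and consistent with the neighbouring entries.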
@@ -99,29 +103,29 @@
- syscp <unfixed> (bug #587481)
NOTE: CVE id requested on oss-sec
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge
for ...)
- TODO: check
+ NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge
50 ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the
Linear ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the
Linear ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear
eMerge ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the
RSComments ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom
...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero
OroHYIP ...)
- TODO: check
+ NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech
Overstock 1 ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in
JCE-Tech ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video
Community ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz
Video ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in
K-Search ...)
NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in
Linker ...)
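Review bot: CVE-2010-2469 is tagged "Linear eMerge" while CVE-2010-2468 through CVE-2010-2465 are tagged "S2 Security NetBox", although their descriptions say the NetBox is "as used in the Linear eMerge". Using one label, or mentioning both names on each of the five lines, would make it clear these belong to the same product family when someone greps the list later.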
@@ -133,19 +137,19 @@
CVE-2010-2453
RESERVED
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog
allow ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in
oBlog ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in
Acc ...)
- TODO: check
+ NOT-FOR-US: Acc PHP eMail
CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
- TODO: check
+ NOT-FOR-US: Acc Statistics
CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which
allows ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog
allows ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2010-2452 [kvirc dir. trav. issue]
RESERVED
{DSA-2065-1}
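Review bot: The "Acc Statistics" tag on CVE-2009-4905 cannot be checked against the entry itself, because the stored description is cut off right after "vulnerabilities in". The same is partly true of "Acc PHP eMail" on CVE-2009-4906, where only "Acc" is visible. Worth confirming both product names against the full CVE text before this is treated as final, since the oBlog entries around them make a copy-and-paste slip easy to miss.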
@@ -1439,7 +1443,7 @@
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in
...)
NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2
allows ...)
- TODO: check
+ NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the ...)
TODO: check
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1
...)
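Review bot: CVE-2010-1929 directly below the changed entry is still "TODO: check", and its description is truncated before any product name. If it comes from the same Novell iManager advisory as CVE-2010-1930, it should get the same NOT-FOR-US line in this commit, so the two ids are not triaged twice.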