Author: jmm-guest Date: 2010-07-16 17:39:29 +0000 (Fri, 16 Jul 2010) New Revision: 14998 Modified: data/CVE/list Log: new mysql issue NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-15 21:18:13 UTC (rev 14997) +++ data/CVE/list 2010-07-16 17:39:29 UTC (rev 14998) @@ -91,27 +91,27 @@ CVE-2010-2725 RESERVED CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...) - TODO: check + NOT-FOR-US: Drupal addon module CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...) - TODO: check + NOT-FOR-US: LISTSERV CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...) - TODO: check + NOT-FOR-US: RightInPoint Lyrics Script CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...) - TODO: check + NOT-FOR-US: RightInPoint Lyrics Script CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and ...) - TODO: check + NOT-FOR-US: phpaaCms CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and ...) - TODO: check + NOT-FOR-US: phpaaCms CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware ...) - TODO: check + NOT-FOR-US: CruxSoftware CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in ...) - TODO: check + NOT-FOR-US: CruxSoftware CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote ...) - TODO: check + NOT-FOR-US: PsNews CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW ...) - TODO: check + NOT-FOR-US: TCW PHP Album CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...) - TODO: check + NOT-FOR-US: TCW PHP Album CVE-2010-2713 RESERVED CVE-2010-2712 
@@ -135,76 +135,76 @@ CVE-2010-2703 RESERVED CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function ...) - TODO: check + NOT-FOR-US: Unreal engine CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow ...) - TODO: check + NOT-FOR-US: FathFTP ActiveX control CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP ...) - TODO: check + NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank ...) - TODO: check + NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...) - TODO: check + NOT-FOR-US: Sijio Community Software CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software ...) - TODO: check + NOT-FOR-US: Sijio Community Software CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community ...) - TODO: check + NOT-FOR-US: Sijio Community Software CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in ...) - TODO: check + NOT-FOR-US: Xlight FTP Server CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...) - kfreebsd-7 7.3-5 - kfreebsd-8 8.0-10 CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...) - TODO: check + NOT-FOR-US: 2daybiz Custom T-Shirt Design Script CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt ...) - TODO: check + NOT-FOR-US: 2daybiz Custom T-Shirt Design Script CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...) 
- TODO: check + NOT-FOR-US: Internet DM WebDM CMS CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat ...) - TODO: check + NOT-FOR-US: Site2Nite Boat Classifieds CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat ...) - TODO: check + NOT-FOR-US: Site2Nite Boat Classifieds CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in TopManage ...) - TODO: check + NOT-FOR-US: SAP module CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not ...) - TODO: check + NOT-FOR-US: Customer Paradigm PageDirector CMS CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm ...) - TODO: check + NOT-FOR-US: Customer Paradigm PageDirector CMS CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm ...) - TODO: check + NOT-FOR-US: Customer Paradigm PageDirector CMS CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! ...) - TODO: check + NOT-FOR-US: Joomla addon CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web ...) - TODO: check + NOT-FOR-US: Open Web Analytics CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web ...) - TODO: check + NOT-FOR-US: Open Web Analytics CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS ...) 
- TODO: check + NOT-FOR-US: TSOKA:CMS CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and ...) - TODO: check + NOT-FOR-US: TSOKA:CMS CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ...) - TODO: check + NOT-FOR-US: Devana CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through ...) - TODO: check + - ezpublish <removed> CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ ...) - TODO: check + - ezpublish <removed> CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts ...) - TODO: check + NOT-FOR-US: BrotherScripts Recipe Website CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Orbis CMS CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet ...) - TODO: check + NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter CVE-2010-2667 RESERVED CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce ...) @@ -228,11 +228,11 @@ CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent ...) NOT-FOR-US: Opera CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) - TODO: check + NOT-FOR-US: BladeCenter software CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on ...) - TODO: check + NOT-FOR-US: BladeCenter software CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM ...) - TODO: check + NOT-FOR-US: BladeCenter software CVE-2010-2653 RESERVED CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro ...) 
@@ -890,7 +890,7 @@ CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) NOT-FOR-US: Solaris CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...) - TODO: check + NOT-FOR-US: Oracle Sun Java System Web Proxy Server CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...) NOT-FOR-US: Solaris CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) @@ -1856,7 +1856,8 @@ CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...) NOT-FOR-US: BS.Global BS.Player CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter ...) - TODO: check + - mysql-5.1 5.1.48-1 + - mysql-dfsg-5.0 <removed> CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...) - mydms <unfixed> (bug #582587; medium) NOTE: seems to have changed name to letoDMS
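Review bot: In the @@ -91,27 +91,27 @@ hunk, the tags for CVE-2010-2718 and CVE-2010-2717 name only the vendor ("NOT-FOR-US: CruxSoftware"), and CVE-2010-2724 is tagged "Drupal addon module" although its description names the Hierarchical Select module. The truncated description of CVE-2010-2717 ("manager/login.php in ...") does not show the product at all, so the tag is the only place a later reader can find it. The other entries in this hunk name the product (RightInPoint Lyrics Script, phpaaCms, TCW PHP Album); suggest doing the same here so that a grep for a product name finds every entry.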
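Review bot: In the @@ -135,76 +135,76 @@ hunk, CVE-2010-2672 and CVE-2010-2671 are resolved to "- ezpublish <removed>" with no NOTE, although the CVE-2010-2672 description gives an affected range starting at eZ Publish 3.7.0. A one-line NOTE stating whether any version that was shipped falls in that range would save the next person triaging from repeating the check. In the same hunk, seven entries (CVE-2010-2694, -2690, -2682, -2681, -2680, -2679, -2678) share the generic tag "NOT-FOR-US: Joomla addon" and CVE-2010-2686 is tagged "SAP module", while the descriptions name the components (com_redshop, com_gamesbox, com_sef, com_weblinks, com_xmap, TopManage). Suggest putting the component name in the tag, as the non-Joomla entries around them do.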
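Review bot: In the @@ -1856,7 +1856,8 @@ hunk, CVE-2010-2008 gets "- mysql-dfsg-5.0 <removed>" with nothing recording whether the 5.0 branch is affected, and the visible description only says "MySQL before 5.1.48". The fixed entry "- mysql-5.1 5.1.48-1" also carries no bug number or urgency, where the neighbouring CVE-2010-2007 line has "(bug #582587; medium)". Suggest adding a NOTE on the 5.0 status, plus a bug reference or urgency on the mysql-5.1 line if one exists.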