Author: federico-guest Date: 2010-12-09 19:40:19 +0000 (Thu, 09 Dec 2010) New Revision: 15671 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-09 09:14:50 UTC (rev 15670) +++ data/CVE/list 2010-12-09 19:40:19 UTC (rev 15671) @@ -230,7 +230,7 @@ CVE-2010-4413 RESERVED CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...) - TODO: check + NOT-FOR-US: pfSense CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...) - libcgi-pm-perl <unfixed> (bug #606370) CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...) @@ -262,9 +262,9 @@ [lenny] - php5 <not-affected> (intl extension included since 5.3) NOTE: http://www.kb.cert.org/vuls/id/479900 CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: AlGuest CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...) - TODO: check + NOT-FOR-US: LittlePhpGallery CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier ...) TODO: check CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...) @@ -274,11 +274,11 @@ CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...) TODO: check CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: DynPG CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows ...) - TODO: check + NOT-FOR-US: DynPG CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...) - TODO: check + NOT-FOR-US: DynPG CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...) NOT-FOR-US: Microsoft Windows CVE-2010-4397 
@@ -353,37 +353,37 @@ RESERVED - hypermail <removed> (low; bug #598743) CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Chameleon Social Networking CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...) TODO: check CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...) - TODO: check + NOT-FOR-US: DaDaBIK CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) - TODO: check + NOT-FOR-US: FreeTicket CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer ...) - TODO: check + NOT-FOR-US: MicroNetsoft RV Dealer CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in ...) - TODO: check + NOT-FOR-US: Jurpopage CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...) - TODO: check + NOT-FOR-US: Jurpopage CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows ...) - TODO: check + NOT-FOR-US: Jurpopage CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in ...) - TODO: check + NOT-FOR-US: MRCGIGUY (MCG) Guestbook CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows ...) - TODO: check + NOT-FOR-US: SiteEngine CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...) - TODO: check + NOT-FOR-US: Site2Nite Big Truck CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, ...) - TODO: check + NOT-FOR-US: DaDaBIK CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Web Wiz NewsPad CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows ...) - TODO: check + NOT-FOR-US: SiteEngine CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to ...) 
- TODO: check + NOT-FOR-US: SiteEngine CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...) - TODO: check + NOT-FOR-US: SiteEngine CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes] - elfsign <unfixed> (low; bug #555668) [lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package) @@ -424,7 +424,7 @@ CVE-2010-4331 RESERVED CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...) - TODO: check + NOT-FOR-US: Pulse CMS Basic CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...) - phpmyadmin 4:3.3.7-2 CVE-2010-4328 @@ -486,13 +486,13 @@ CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...) NOT-FOR-US: Free Simple Software CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...) - TODO: check + NOT-FOR-US: VMware CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...) - TODO: check + NOT-FOR-US: VMware CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...) - TODO: check + NOT-FOR-US: VMware CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...) - TODO: check + NOT-FOR-US: VMware CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...) NOT-FOR-US: RSA Adaptive Authentication CVE-2010-XXXX [directory traversal] @@ -648,7 +648,7 @@ RESERVED - linux-2.6 <unfixed> CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...) - TODO: check + NOT-FOR-US: pfSense CVE-2010-4245 RESERVED - pootle 2.0.5-0.3 (low; bug #604060) @@ -2661,7 +2661,7 @@ CVE-2010-3450 RESERVED CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...) - TODO: check + NOT-FOR-US: Redback CVE-2010-3448 [Linux ThinkPad video output status local DoS] RESERVED {DSA-2126-1} 
@@ -4922,7 +4922,7 @@ CVE-2010-2640 RESERVED CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...) - TODO: check + NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0 CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...) NOT-FOR-US: IBM WebSphere MQ CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...) @@ -5034,7 +5034,7 @@ CVE-2010-2587 RESERVED CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...) - TODO: check + NOT-FOR-US: Winamp CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...) NOT-FOR-US: RealPage Module ActiveX Controls CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
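
Review bot: In the @@ -353,37 hunk the vendor is named inconsistently: CVE-2010-4363 is described as being in "contact.php in MRCGIGUY ..." but is tagged "NOT-FOR-US: FreeTicket", while CVE-2010-4358 a few lines down is tagged "NOT-FOR-US: MRCGIGUY (MCG) Guestbook". Pick one form, for example "NOT-FOR-US: MRCGIGUY FreeTicket", so that a search of data/CVE/list for the vendor finds both entries. In the same hunk, the tag "Site2Nite Big Truck" for CVE-2010-4356 stops exactly where the truncated description does; check it against the full CVE text in case the product name continues.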
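
Review bot: In the @@ -486,13 hunk, CVE-2010-4294 through CVE-2010-4297 all get the vendor-only tag "NOT-FOR-US: VMware", although their descriptions cover different components (the VMware Tools update functionality, vmware-mount, the VMnc media codec). The other tags in this commit name the product (pfSense, DynPG, SiteEngine); naming the affected product here as well would record what was actually ruled out for the archive.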
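
Review bot: In the @@ -4922,7 hunk the new tag for CVE-2010-2639 carries a version number, "NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0", whereas the neighbouring CVE-2010-2638 entry uses the bare product name "NOT-FOR-US: IBM WebSphere MQ". Drop the "7.0" so the tag names the product only; the affected versions are already in the CVE description.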