thr3ads.net - Secure testing commits - [Secure-testing-commits] r18017

If this information is useful, please help other people find it:
Share via:
Yves-Alexis Perez
2012-Jan-03 22:15 UTC
[Secure-testing-commits] r18017 - data/CVE

Author: corsac
Date: 2012-01-03 22:15:27 +0000 (Tue, 03 Jan 2012)
New Revision: 18017

Modified:
   data/CVE/list
Log:
fix NOTE: not-for-us by using correct NOT-FOR-US tag

note: there''s a check needed for Monkey for an old 2002 CVE


Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-01-03 22:04:07 UTC (rev 18016)
+++ data/CVE/list	2012-01-03 22:15:27 UTC (rev 18017)
@@ -43,23 +43,23 @@
 CVE-2012-0265
 	RESERVED
 CVE-2011-5046 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7
...)
-	NOTE: not-for-us (Microsoft Windows 7)
+	NOT-FOR-US: Microsoft Windows 7
 CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in
PHP ...)
-	NOTE: not-for-us
+	NOT-FOR-US: PHP Booking Calendar 10e (not in Debian)
 CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full
Control) for ...)
-	NOTE: not-for-us (SopCast not in Debian)
+	NOT-FOR-US: SopCast (not in Debian)
 CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause
a ...)
-	NOTE: not-for-us (TomatoSoft Free Mp3 Player not in Debian)
+	NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian)
 CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php
in ...)
-	NOTE: not-for-us
+	NOT-FOR-US: SASHA (not in Debian)
 CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro
CMS ...)
-	NOTE: not-for-us (Pulse Pro CMS not in Debian)
+	NOT-FOR-US: Pulse Pro CMS (not in Debian)
 CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in
Infoproject ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
 CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis
Heroj ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
 CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and
possibly ...)
-	NOTE: not-for-us
+	NOT-FOR-US: hitAppoint (not in Debian)
 CVE-2011-5037 (Google V8 computes hash values for form parameters without
restricting ...)
 	- libv8 <unfixed> (bug #653962)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6
computes ...)
@@ -95269,7 +95269,7 @@
 CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier
allows ...)
 	- webmin 1.000 (high)
 CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote
...)
-	NOTE: not-for-us (Benjamin Lefevre Dobermann FORUM)
+	NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
 CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection
Environment ...)
 	NOTE: freebsd misconfiguration
 CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote
attackers to ...)
@@ -100746,59 +100746,59 @@
 CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows
...)
 	NOT-FOR-US: Macromedia JRun
 CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to
...)
-	NOTE: not-for-us
+	NOT-FOR-US: rlaj whois.cgi
 CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and
0.4.1 ...)
-	NOTE: not-for-us
+	NOT-FOR-US: MyNewsGroups
 CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows
remote ...)
-	NOTE: not-for-us
+	TODO: check, monkey 0.9.3 is in Debian, not sure if vulnerable code is present
 CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to
execute ...)
-	NOTE: not-for-us
+	NOT-FOR-US: WS_FTP Pro
 CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and
possibly ...)
 	- apache2 2.0.42-1
 CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the
browser''s back ...)
-	NOTE: not-for-us
+	NOT-FOR-US: ParaChat
 CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted
passwords ...)
-	NOTE: not-for-us
+	NOT-FOR-US: TightVNC on Windows only
 CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player
(WMP) ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Microsoft Windows Media Player
 CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require
a ...)
-	NOTE: not-for-us
+	NOT-FOR-US: YaBB
 CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet
Another ...)
-	NOTE: not-for-us
+	NOT-FOR-US: YaBB
 CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on
Solaris, ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Microsoft Windows Media Player
 CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary
commands ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Perlbot
 CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary
commands ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Perlbot
 CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not
...)
-	NOTE: not-for-us
+	NOT-FOR-US: Nogusta NOLA
 CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002,
could ...)
-	NOTE: not-for-us
+	NOT-FOR-US: some irssi tarballs contained a backdoor
 CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not
record ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52)
 CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write
to ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Charities.cron
 CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display
...)
-	NOTE: not-for-us
+	NOT-FOR-US: Image Display System
 CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Xerox Docutech
 CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Xerox Docutech
 CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech
6115 ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Xerox Docutech
 CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115
have a ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Xerox Docutech
 CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot;
functionality in ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Firestorm IDS
 CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote
...)
-	NOTE: not-for-us
+	NOT-FOR-US: Microsoft MSN Messenger Service
 CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers
to ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Open Bulletin Board
 CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in
Open ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Open Bulletin Board
 CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial
of ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Savant Webserver
 CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a
denial of ...)
 	- sendmail 8.12-4
 CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to
bypass ...)
Secure testing commits - Jan 2012 - r18017 - data/CVE

[Secure-testing-commits] r18017 - data/CVE
