Author: nion
Date: 2008-02-09 18:55:20 +0000 (Sat, 09 Feb 2008)
New Revision: 8121
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-09 18:11:02 UTC (rev 8120)
+++ data/CVE/list 2008-02-09 18:55:20 UTC (rev 8121)
@@ -62,27 +62,27 @@
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php
in XOOPS ...)
NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT
Gallery ...)
- TODO: check
+ NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ...)
- TODO: check
+ NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept
VHD ...)
- TODO: check
+ NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in
IPSwitch ...)
- TODO: check
+ NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online
Business ...)
- TODO: check
+ NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and
Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2
(com_shambo2) ...)
- TODO: check
+ NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in
AstroSoft ...)
- TODO: check
+ NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before
2.83, when ...)
- TODO: check
+ NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom!
...)
- TODO: check
+ NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS
(ACCMS) ...)
- TODO: check
+ NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS
(ACCMS) ...)
- TODO: check
+ NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600
RESERVED
CVE-2008-0599
@@ -115,103 +115,103 @@
- xulrunner 1.8.1.12-1
- icedove <unfixed>
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0
allows ...)
- TODO: check
+ NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1
allows ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag
in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in
devices.chrp.base.diag in ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local
users to ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world
writable ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and
5.3 ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
- TODO: check
+ NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges
by ...)
- TODO: check
+ NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key
composed ...)
- TODO: check
+ NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...)
- TODO: check
+ NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management
login ...)
- TODO: check
+ NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130
in the ...)
- TODO: check
+ NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue
Tracking ...)
- TODO: check
+ NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in
webSPELL ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and
SoftRemote ...)
- TODO: check
+ NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld
...)
- TODO: check
+ NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before
4.7.x-2.3, ...)
- TODO: check
+ NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not
properly ...)
- TODO: check
+ NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before
5.x-0.1 ...)
- TODO: check
+ NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in
the ...)
- TODO: check
+ NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in
ChronoEngine ...)
- TODO: check
+ NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php
in ...)
- TODO: check
+ NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP
Links 1.3 ...)
- TODO: check
+ NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...)
- TODO: check
+ NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze
...)
- TODO: check
+ NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's
Blogger 0.11 ...)
- TODO: check
+ NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart
Professional ...)
- TODO: check
+ NOT-FOR-US: Uniwin eCart Professiona
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
- TODO: check
+ NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
CVE-2008-0556
RESERVED
CVE-2008-0555
RESERVED
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in
eTicket ...)
- TODO: check
+ NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in
NamoInstaller.dll ...)
- TODO: check
+ NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote
...)
- TODO: check
+ NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast
0.9.75 ...)
- TODO: check
+ NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a
denial ...)
- TODO: check
+ NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP)
4.1.1.26, ...)
- TODO: check
+ NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling
Library 1.32 ...)
- TODO: check
+ NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic
Institution ...)
- TODO: check
+ NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd
Tentler ...)
- TODO: check
+ NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in
forum.php in ...)
- TODO: check
+ NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox
2.4.2.0 ...)
- TODO: check
+ NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in
dms/policy/rep_request.php ...)
- TODO: check
+ NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management
4.3.2 allow ...)
- TODO: check
+ NOT-FOR-US: phpIP Management
CVE-2008-0537
RESERVED
CVE-2008-0536
@@ -237,57 +237,57 @@
CVE-2008-0526
RESERVED
CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1)
truncate ...)
- TODO: check
+ NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the
management ...)
- TODO: check
+ NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in
SoftCart.exe in ...)
- TODO: check
+ NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal
Networks ...)
- TODO: check
+ NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling
Library 1.32 ...)
- TODO: check
+ NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the
WassUp ...)
- TODO: check
+ NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes
...)
- TODO: check
+ NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes
(com_recipes) ...)
- TODO: check
+ NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi
...)
- TODO: check
+ NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in
spaw/dialogs/confirm.php in ...)
- TODO: check
+ NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...)
- TODO: check
+ NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...)
- TODO: check
+ NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq)
component ...)
- TODO: check
+ NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML
(com_mamml) ...)
- TODO: check
+ NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...)
- TODO: check
+ NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2
plugin ...)
- TODO: check
+ NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery
(CPG) ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo
Gallery ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk
Smart ...)
- TODO: check
+ NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Connectix Boards
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in
the web ...)
- TODO: check
+ NOT-FOR-US: web interface for the BGPD daemon
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX
control ...)
- TODO: check
+ NOT-FOR-US: AIM PicEditor
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows
remote ...)
TODO: check
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in
WebCalendar ...)
@@ -1014,7 +1014,7 @@
CVE-2008-0213
RESERVED
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211
RESERVED
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect
authentication ...)
@@ -1084,15 +1084,15 @@
CVE-2008-0183
RESERVED
CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin
portlet ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet
in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise
Admin ...)
- TODO: check
+ NOT-FOR-US: Liferay Portal
CVE-2008-0177
RESERVED
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY
HMI ...)
@@ -1379,7 +1379,7 @@
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp
5.21, ...)
NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1)
XnView ...)
- TODO: check
+ NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063
RESERVED
CVE-2008-0062
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
