Author: jamie-guest
Date: 2009-08-13 18:49:16 +0000 (Thu, 13 Aug 2009)
New Revision: 12582

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-08-12 21:14:15 UTC (rev 12581)
+++ data/CVE/list       2009-08-13 18:49:16 UTC (rev 12582)
@@ -1,3 +1,27 @@
+CVE-2009-2761
+       NOT-FOR-US: Avira AntiVir
+CVE-2008-6972
+       NOT-FOR-US: Drupal Content Construction Kit (third-party module)
+CVE-2008-6971
+       NOT-FOR-US: Simple Machines Forum
+CVE-2008-6970
+       NOT-FOR-US: UBB.threads
+CVE-2008-6969
+       NOT-FOR-US: Avactis Shopping Cart
+CVE-2008-6968
+       NOT-FOR-US: Pligg CMS
+CVE-2008-6967
+       NOT-FOR-US: Alt-N MDaemon
+CVE-2008-6966
+       NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
+CVE-2008-6965
+       NOT-FOR-US: AJ Square AJ Auction OOPD
+CVE-2008-6964
+       NOT-FOR-US: X7 Chat
+CVE-2008-6963
+       NOT-FOR-US: TurnkeyForms Text Link Sales
+CVE-2008-6962
+       NOT-FOR-US: Avira AntiVir Premium
 CVE-2009-2760
        RESERVED
 CVE-2009-2759
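Review bot: CVE-2008-6972 is closed as NOT-FOR-US with the qualifier "(third-party module)", which only says the issue is outside Drupal core. Before closing it, confirm that the Content Construction Kit module is not packaged on its own. The twelve entries added at the top of this hunk also carry no description text yet, so the product names cannot be cross-checked from the list itself. Separately, CVE-2009-2761 says "Avira AntiVir" while CVE-2008-6962 says "Avira AntiVir Premium"; use one spelling if they refer to the same product, so a later search finds both.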
@@ -41,75 +65,75 @@
 CVE-2009-2740
        RESERVED
 CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 
0.69.2 ...)
-       TODO: check
+       NOT-FOR-US: FreeNAS
 CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI 
in ...)
-       TODO: check
+       NOT-FOR-US: FreeNAS
 CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 
1.5.5 ...)
-       TODO: check
+       NOT-FOR-US: X10media
 CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX 
control ...)
-       TODO: check
+       NOT-FOR-US: ActiveX
 CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Crossday Discuz! Board
 CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to 
reset ...)
-       TODO: check
+       NOT-FOR-US: Crossday Discuz! Board
 CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in 
mxCamArchive ...)
-       TODO: check
+       NOT-FOR-US: mxCamArchive
 CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web 
root with ...)
-       TODO: check
+       NOT-FOR-US: mxCamArchive
 CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Cobbler
 CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly 
other ...)
-       TODO: check
+       NOT-FOR-US: ooVoo
 CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and 
earlier ...)
-       TODO: check
+       NOT-FOR-US: MauryCMS
 CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
-       TODO: check
+       NOT-FOR-US: MauryCMS
 CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi 
...)
-       TODO: check
+       NOT-FOR-US: Bankoi WebHosting Control Panel
 CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: Collabtive
 CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 
allows ...)
-       TODO: check
+       NOT-FOR-US: Collabtive
 CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass 
authentication and ...)
-       TODO: check
+       NOT-FOR-US: Collabtive
 CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php 
in ...)
-       TODO: check
+       NOT-FOR-US: Collabtive
 CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in 
Interchange 5.7 ...)
        TODO: check
 CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto 
Classifieds ...)
-       TODO: check
+       NOT-FOR-US: ScriptsFeed Auto Classifieds
 CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes 
Listing ...)
-       TODO: check
+       NOT-FOR-US: ScriptsFeed Recipes Listing Portal
 CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor 
...)
-       TODO: check
+       NOT-FOR-US: ScriptsFeed Realtor Classifieds System
 CVE-2008-6941 (SQL injection vulnerability in the login functionality in 
TurnkeyForms ...)
-       TODO: check
+       NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information 
under ...)
-       TODO: check
+       NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to 
bypass ...)
-       TODO: check
+       NOT-FOR-US: TurnkeyForms Web Hosting Directory
 CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop 
...)
-       TODO: check
+       NOT-FOR-US: Pi3Web
 CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Exodus
 CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Exodus
 CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Exodus
 CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka 
Sanusart) ...)
-       TODO: check
+       NOT-FOR-US: Sanus|artificium (aka Sanusart)
 CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 
(aka ...)
-       TODO: check
+       NOT-FOR-US: MiniGal
 CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in 
...)
-       TODO: check
+       NOT-FOR-US: AlstraSoft SendIt Pro
 CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search 
(aka ...)
-       TODO: check
+       NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
 CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate 
allows ...)
-       TODO: check
+       NOT-FOR-US: PHPStore Real Estate
 CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto 
Classifieds ...)
-       TODO: check
+       NOT-FOR-US: PHPStore Auto Classifieds
 CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
-       TODO: check
+       NOT-FOR-US: PHPStore Complete Classifieds
 CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 
before ...)
        {DSA-1754-1}
        - roundup 1.4.4-4+lenny1 (bug #518768)
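Review bot: CVE-2008-6959 is tagged "NOT-FOR-US: ActiveX", which names a technology rather than the affected product. The description identifies it as the Chilkat Socket ActiveX control, and every other entry in this hunk is tagged with the product or vendor (FreeNAS, Collabtive, PHPStore ...). Suggest "NOT-FOR-US: Chilkat Socket ActiveX control" so the entry is findable by product. Also worth a second look is CVE-2008-6954: Cobbler is a Linux provisioning tool, so a short NOTE recording that it is not packaged would make the NFU decision easier to re-verify later. Leaving CVE-2008-6945 (Interchange) as "TODO: check" looks deliberate and is fine.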
@@ -156,25 +180,25 @@
 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does 
not ...)
        TODO: check
 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2008-6926 (Directory traversal vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: cPanel
 CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in 
Zenphoto ...)
-       TODO: check
+       NOT-FOR-US: Zenphoto
 CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in 
register.php in ...)
-       TODO: check
+       NOT-FOR-US: eSyndiCat Directory
 CVE-2008-6923 (SQL injection vulnerability in the content component 
(com_content) ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in 
CMailServer ...)
-       TODO: check
+       NOT-FOR-US: CMailServer
 CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in 
phpAdBoard 1.8 ...)
-       TODO: check
+       NOT-FOR-US: phpAdBoard
 CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in 
phpEmployment ...)
-       TODO: check
+       NOT-FOR-US: phpEmployment
 CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: TaskDriver 1.3
 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in 
...)
-       TODO: check
+       NOT-FOR-US: ThePortal2
 CVE-2009-XXXX [wordpress password reset]
        - wordpress 2.8.3-2 (unimportant; bug #541102)
        [lenny] - wordpress <not-affected> (Vulnerable code not present)
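Review bot: CVE-2008-6919 is tagged "NOT-FOR-US: TaskDriver 1.3", the only NFU entry in this commit that includes a version number. The description reads "TaskDriver 1.3 and earlier", so the version is not part of the product name; suggest "NOT-FOR-US: TaskDriver" to match the other entries. For CVE-2008-6927 and CVE-2008-6926 the visible descriptions are cut off before the product ("vulnerabilities in ..."), so the cPanel attribution cannot be confirmed from this diff alone.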
@@ -913,11 +937,11 @@
 CVE-2009-2497
        RESERVED
 CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft Office XP
 CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio 
.NET 2003 ...)
        NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 
SP4, XP ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio 
.NET 2003 ...)
        NOT-FOR-US: Microsoft Visual Studio .NET
 CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in 
Six Apart ...)
@@ -1774,13 +1798,13 @@
 CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict 
the URL ...)
        TODO: check
 CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all 
cookies ...)
        NOT-FOR-US: Apple GarageBand
 CVE-2009-2197
        RESERVED
 CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: Apple Safari
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows 
remote ...)
        TODO: check
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file 
...)
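Review bot: CVE-2009-2199 is closed as "NOT-FOR-US: Apple Safari", but its description places the flaw in WebKit ("Incomplete blacklist vulnerability in WebKit in Apple Safari before ..."), and the two neighbouring WebKit entries, CVE-2009-2200 and CVE-2009-2195, are left as "TODO: check". The three should be triaged the same way: either keep CVE-2009-2199 as TODO until the WebKit code is checked against any packaged WebKit source, or add a NOTE explaining why this one is specific to Safari. CVE-2009-2196 is described only as a Safari issue, so the NFU there matches the description.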
@@ -2175,7 +2199,7 @@
 CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows 
local users ...)
        NOT-FOR-US: Apple Safari
 CVE-2009-2026 (Stack-based buffer overflow in a token searching function in 
the ...)
-       TODO: check
+       NOT-FOR-US: CA Software Delivery
 CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers 
to ...)
        NOT-FOR-US: DM FileManager
 CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information 
under the ...)
@@ -2417,9 +2441,9 @@
 CVE-2009-1931
        RESERVED
 CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and 
SP3, ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services 
Client ...)
-       TODO: check
+       NOT-FOR-US: ActiveX
 CVE-2009-1928
        RESERVED
 CVE-2009-1927
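Review bot: CVE-2009-1929 is tagged "NOT-FOR-US: ActiveX", while the description names the Microsoft Terminal Services Client. "ActiveX" is a technology rather than a product, and the entry directly above uses "NOT-FOR-US: Microsoft Windows". Suggest tagging it with the product, for example "NOT-FOR-US: Microsoft Terminal Services Client", so the reason stays clear when the line is read without its description.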
@@ -2429,11 +2453,11 @@
 CVE-2009-1925
        RESERVED
 CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) 
component ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service 
(WINS) ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 
2000 SP4, ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1921
        RESERVED
 CVE-2009-1920
@@ -3484,11 +3508,11 @@
 CVE-2009-1547
        RESERVED
 CVE-2009-1546 (Integer overflow in the Windows Media file handling 
functionality in ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1545 (Unspecified vulnerability in the Windows Media file handling 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1544 (Double free vulnerability in the Workstation service in 
Microsoft ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1543
        RESERVED
 CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 
SP1, ...)
@@ -3504,11 +3528,11 @@
 CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter 
in ...)
        NOT-FOR-US: Microsoft DirectX
 CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 
Gold and ...)
-       TODO: check
+       NOT-FOR-US: Microsoft .NET Framework
 CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services 
(IIS) ...)
        NOT-FOR-US: IIS
 CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft Office XP
 CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in 
...)
        NOT-FOR-US: Microsoft
 CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for 
Server ...)
@@ -3843,7 +3867,7 @@
 CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in 
ccLgView.exe in ...)
        NOT-FOR-US: Symantec
 CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users 
to cause ...)
-       TODO: check
+       NOT-FOR-US: HP-UX
 CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series 
G5, G5p, ...)
        NOT-FOR-US: HP ProLiant
 CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management 
Services zl ...)
@@ -5095,7 +5119,7 @@
 CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft 
Office ...)
        NOT-FOR-US: Microsoft
 CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop 
Connection ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1132
        RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office 
PowerPoint ...)
@@ -6786,7 +6810,7 @@
        - cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
        NOTE: VU#238019
 CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as 
used in ...)
-       TODO: check
+       NOT-FOR-US: OpenBSD Packet Filter
 CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 
2.52.0.1002 in ...)
        NOT-FOR-US: Trend Micro Internet Pro
 CVE-2009-0685
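Review bot: CVE-2009-0687 is closed as "NOT-FOR-US: OpenBSD Packet Filter", but the description continues "as used in ...", meaning PF is shipped inside other systems that the truncated text does not show. Before closing, check the full description and confirm that none of those consumers is packaged (a BSD kernel source package, for instance). If that check has been done, a one-line NOTE recording the result would help the next reader; otherwise leave it as "TODO: check".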
@@ -7419,7 +7443,7 @@
 CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 
2003 ...)
        NOT-FOR-US: Microsoft
 CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office 
XP SP3, ...)
-       TODO: check
+       NOT-FOR-US: ActiveX
 CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office 
XP SP3, ...)
        NOT-FOR-US: Microsoft
 CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 
SP3, ...)
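Review bot: CVE-2009-0562 is tagged "NOT-FOR-US: ActiveX", yet the same component (the Office Web Components ActiveX Control) is tagged "NOT-FOR-US: Microsoft Office XP" for CVE-2009-2496 and CVE-2009-1534 earlier in this commit, and the surrounding entries here use "NOT-FOR-US: Microsoft". Pick one label for the component and use it for all three entries; "ActiveX" on its own does not identify the vendor or product.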


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
