Author: corsac
Date: 2012-11-20 06:38:15 +0000 (Tue, 20 Nov 2012)
New Revision: 20518

Modified:
   data/CVE/list
Log:
NFUs update


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-11-19 21:14:21 UTC (rev 20517)
+++ data/CVE/list       2012-11-20 06:38:15 UTC (rev 20518)
@@ -1,67 +1,67 @@
 CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 
1.0.4 ...)
-       TODO: check
+       NOT-FOR-US: havalite
 CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access 
administrator ...)
-       TODO: check
+       NOT-FOR-US: razorCMS
 CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of 
service ...)
-       TODO: check
+       NOT-FOR-US: SnackAmp
 CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain 
sensitive ...)
-       TODO: check
+       NOT-FOR-US: Neocrome Seditio
 CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: Neocrome Seditio
 CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the 
sed_import ...)
-       TODO: check
+       NOT-FOR-US: Neocrome Seditio
 CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: Wordpress Integrator plugin
 CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 
allow ...)
-       TODO: check
+       NOT-FOR-US: PicoPublisher
 CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in 
...)
-       TODO: check
+       NOT-FOR-US: b2evolution
 CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in 
b2evolution ...)
-       TODO: check
+       NOT-FOR-US: b2evolution
 CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in 
MyBB ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 
1.2.0 ...)
-       TODO: check
+       NOT-FOR-US: TomatoCart
 CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in 
GreenBrowser ...)
-       TODO: check
+       NOT-FOR-US: GreenBrowser
 CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated 
users to ...)
-       TODO: check
+       NOT-FOR-US: KnFTPd
 CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: IrfanView
 CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines 
Forum ...)
-       TODO: check
+       NOT-FOR-US: Simple Machine Forum
 CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in 
ptk/lib/modal_bookmark.php ...)
-       TODO: check
+       NOT-FOR-US: DFLabs PTK
 CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under 
the ...)
-       TODO: check
+       NOT-FOR-US: DFLabs PTK
 CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 
0.9.2 allow ...)
-       TODO: check
+       NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in 
admin/action/objects.php ...)
-       TODO: check
+       NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA 
LandShop ...)
-       TODO: check
+       NOT-FOR-US: SAMEDIA LandShop
 CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc 
ActiveX ...)
-       TODO: check
+       NOT-FOR-US: Quest in Trust
 CVE-2012-5896 (The Annotation Objects Extension ActiveX control in 
AnnotateX.dll in ...)
-       TODO: check
+       NOT-FOR-US: Quest in Trust
 CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have 
unknown ...)
-       TODO: check
+       NOT-FOR-US: iRODS
 CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 
1.1.0 and ...)
-       TODO: check
+       NOT-FOR-US: Havalite CMS
 CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in 
Havalite ...)
-       TODO: check
+       NOT-FOR-US: Havalite CMS
 CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information 
under the ...)
-       TODO: check
+       NOT-FOR-US: Havalite CMS
 CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
-       TODO: check
+       NOT-FOR-US: Dalbum
 CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension 
before ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension (sr_feuser_register)
 CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail 
extension ...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension (powermail)
 CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features 
...)
-       TODO: check
+       NOT-FOR-US: Typo3 extension (seo_basics)
 CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache 
Tomcat ...)
        TODO: check
 CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache 
Tomcat ...)
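Review bot: The product labels in this hunk are not spelled consistently: CVE-2012-5919 is tagged `NOT-FOR-US: havalite` while CVE-2012-5894, CVE-2012-5893 and CVE-2012-5892 use `NOT-FOR-US: Havalite CMS`, and CVE-2012-5903 is tagged `Simple Machine Forum` although its description reads "Simple Machines Forum". Using one spelling per product keeps related entries findable with a single search of the list. The `Quest in Trust` label on CVE-2012-5897 and CVE-2012-5896 is also worth checking against the vendor's own spelling, since the truncated descriptions show only the ARDoc and AnnotateX.dll ActiveX controls.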
@@ -70,6 +70,7 @@
        TODO: check
 CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken 
...)
        TODO: check
+       NOTE: new vulnerability in afmparse.c?
 CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 
4.3.2 ...)
        - bugzilla <removed> (low)
        [squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
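Review bot: The added `NOTE: new vulnerability in afmparse.c?` under CVE-2011-5244 records an open question without naming the source package or packages that ship afmparse.c and without a reference, and the entry still carries `TODO: check`. Adding the candidate package name or a URL to the note would let the next person triaging this entry resolve it without repeating the search.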
@@ -134,7 +135,7 @@
 CVE-2012-5857
        RESERVED
 CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka 
...)
-       TODO: check
+       NOT-FOR-US: Wordpress plugin (uk cookie)
 CVE-2012-5855
        RESERVED
        - vlc <unfixed> (unimportant)
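Review bot: `NOT-FOR-US: Wordpress plugin (uk cookie)` on CVE-2012-5856 uses a different label shape from the other WordPress entry in this commit, `NOT-FOR-US: Wordpress Integrator plugin` on CVE-2012-5913. The `Typo3 extension (<name>)` form used for CVE-2012-5888 to CVE-2012-5890 would suit both WordPress entries, and the plugin name could keep the capitalisation from the description ("Uk Cookie").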
@@ -1734,7 +1735,7 @@
 CVE-2012-5173
        RESERVED
 CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android 
allows ...)
-       TODO: check
+       NOT-FOR-US: Asial Monaca Debugger
 CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 
allows ...)
        NOT-FOR-US: Be Graph's BeZIP
 CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows 
remote ...)
@@ -2222,13 +2223,13 @@
 CVE-2012-4960
        RESERVED
 CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell 
File ...)
-       TODO: check
+       NOT-FOR-US: Novell File Reporter 
 CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell 
File ...)
-       TODO: check
+       NOT-FOR-US: Novell File Reporter
 CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell 
File ...)
-       TODO: check
+       NOT-FOR-US: Novell File Reporter
 CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File 
Reporter ...)
-       TODO: check
+       NOT-FOR-US: Novell File Reporter
 CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage 
Server ...)
        NOT-FOR-US: Dell OpenManage SA
 CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows 
remote ...)
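Review bot: The added line for CVE-2012-4959, `NOT-FOR-US: Novell File Reporter `, ends with a trailing space, while the three following entries (CVE-2012-4958, CVE-2012-4957, CVE-2012-4956) do not. Dropping it keeps the four labels byte-identical, which matters for exact-match searches and for any tooling that compares the label strings.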
@@ -2240,37 +2241,37 @@
 CVE-2012-4951 (Multiple SQL injection vulnerabilities in 
terminal/paramedit.aspx in ...)
        NOT-FOR-US: VeriFone VeriCentre Web Console
 CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search 
page in ...)
-       TODO: check
+       NOT-FOR-US: Pattern Insight
 CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote 
...)
        NOT-FOR-US: ESRI ArcGIS
 CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances 
uses ...)
        NOT-FOR-US: Fortinet Fortigate UTM applianced
 CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store 
...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use 
an XOR ...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Agile ...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile 
...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander 
and ...)
-       TODO: check
+       NOT-FOR-US: FleetCommander
 CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log 
Files ...)
        NOT-FOR-US: Axigen Free Mail Server
 CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in 
IPAMSummaryView.aspx in ...)
        NOT-FOR-US: SolarWinds Orion Network Performance Monitor
 CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface 
in ...)
-       TODO: check
+       NOT-FOR-US: Pattern Insight
 CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern 
Insight ...)
-       TODO: check
+       NOT-FOR-US: Pattern Insight
 CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote 
attackers to ...)
-       TODO: check
+       NOT-FOR-US: Pattern Insight
 CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web 
interface ...)
-       TODO: check
+       NOT-FOR-US: Pattern Insight
 CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is 
enabled ...)
        NOT-FOR-US: TomatoCart
 CVE-2012-4933 (The rtrlet web application in the Web Console in Novell 
ZENworks Asset ...)
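Review bot: The seven entries CVE-2012-4941 to CVE-2012-4947 are labelled with the bare product name `FleetCommander`, although every visible description names "Agile FleetCommander" and other labels in this commit keep the vendor (`Novell File Reporter`, `DFLabs PTK`, `SAMEDIA LandShop`). `NOT-FOR-US: Agile FleetCommander` would be less ambiguous. While this region is being touched, the unchanged context line for CVE-2012-4948 reads `Fortinet Fortigate UTM applianced`, which looks like a typo for "appliances".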
@@ -3564,7 +3565,7 @@
 CVE-2012-4542
        RESERVED
 CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 
allows ...)
-       TODO: check
+       NOT-FOR-US: Piwik
 CVE-2012-4540 (Off-by-one error in the invoke function in ...)
        - icedtea-web 1.3.1-1 (bug #692608)
        NOTE: http://seclists.org/oss-sec/2012/q4/237

