Author: carnil
Date: 2015-01-15 16:29:33 +0000 (Thu, 15 Jan 2015)
New Revision: 31361
Modified:
data/CVE/list
Log:
Add NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-15 16:14:08 UTC (rev 31360)
+++ data/CVE/list 2015-01-15 16:29:33 UTC (rev 31361)
@@ -292,157 +292,157 @@
CVE-2014-10040
RESERVED
CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP
0.83 and ...)
- TODO: check
+ NOT-FOR-US: DomPHP
CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: DomPHP
CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity
before ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the
admin area ...)
- TODO: check
+ NOT-FOR-US: couponPHP
CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in
couponPHP ...)
- TODO: check
+ NOT-FOR-US: couponPHP
CVE-2014-10033 (SQL injection vulnerability in the update_zone function in ...)
- TODO: check
+ NOT-FOR-US: osCommerce Online Merchant
CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada
MacroNews 1.0 ...)
- TODO: check
+ NOT-FOR-US: Taboada MacroNews
CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora
WorldMail ...)
- TODO: check
+ NOT-FOR-US: Qualcomm Eudora WorldMail
CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB
before ...)
- TODO: check
+ NOT-FOR-US: FluxBB
CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before
1.4.13 and ...)
- TODO: check
+ NOT-FOR-US: FluxBB
CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360
router ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360 router
CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in
D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in
D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DAP-1360
CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter,
as used ...)
- TODO: check
+ NOT-FOR-US: Divx Web Player, Divx Player and Divx plugins
CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0
Beta 1 ...)
- TODO: check
+ NOT-FOR-US: TopicsViewer
CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in
the WP ...)
- TODO: check
+ NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document
1.31 ...)
- TODO: check
+ NOT-FOR-US: Simple e-document
CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
- TODO: check
+ NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart
e-Commerce ...)
- TODO: check
+ NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the
Welcart ...)
- TODO: check
+ NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers
Event ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10013 (SQL injection vulnerability in the Another WordPress
Classifieds ...)
- TODO: check
+ NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another
WordPress ...)
- TODO: check
+ NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam
ActiveX ...)
- TODO: check
+ NOT-FOR-US: TRENDnet SecurView camera TV-IP422WN
CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment
Scheduler ...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark
CRM 1.0 ...)
- TODO: check
+ NOT-FOR-US: Stark CRM
CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Stark ...)
- TODO: check
+ NOT-FOR-US: Stark CRM
CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian
Weblog ...)
- TODO: check
+ NOT-FOR-US: Maian Weblog
CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Maian ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive
...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100040
RESERVED
CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in
Maian ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014
allows local ...)
- TODO: check
+ NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev
and ...)
- TODO: check
+ NOT-FOR-US: Storytlr
CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev
and ...)
- TODO: check
+ NOT-FOR-US: Storytlr
CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2
allows ...)
- TODO: check
+ NOT-FOR-US: FlatPress
CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin
interface ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend
interface in ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk
before ...)
- TODO: check
+ NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the
Airties ...)
- TODO: check
+ NOT-FOR-US: Airties Air 6372 modem
CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital
Library ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in
module/search/function.php ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian
Uploader ...)
- TODO: check
+ NOT-FOR-US: Maian Uploader
CVE-2014-100029 (Multiple directory traversal vulnerabilities in
class/session.php in ...)
- TODO: check
+ NOT-FOR-US: Ganesha Digital Library
CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in
WEBCrafted ...)
- TODO: check
+ NOT-FOR-US: WEBCrafted
CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat
plugin ...)
- TODO: check
+ NOT-FOR-US: WP SlimStat plugin for WordPress
CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the
April's ...)
- TODO: check
+ NOT-FOR-US: April's Super Functions Pack plugin for WordPress
CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Savsoft Quiz
CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before
3.4.0 ...)
- TODO: check
+ NOT-FOR-US: Seo Panel
CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in
question.php in ...)
- TODO: check
+ NOT-FOR-US: mTouch Quiz
CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch
Quiz before ...)
- TODO: check
+ NOT-FOR-US: mTouch Quiz
CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: OrangeHRM
CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in
iTechClassifieds ...)
- TODO: check
+ NOT-FOR-US: iTechClassifieds
CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1
allows ...)
- TODO: check
+ NOT-FOR-US: JetBrains TeamCity
CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm
before ...)
- TODO: check
+ NOT-FOR-US: LTree converter in Pomm
CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed
plugin ...)
- TODO: check
+ NOT-FOR-US: Unconfirmed plugin for WordPress
CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in
...)
- TODO: check
+ NOT-FOR-US: PhpOnlineChat
CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Photocrati theme for WordPress
CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in
SolidWorks ...)
- TODO: check
+ NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in
SolidWorks ...)
- TODO: check
+ NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in
clientResponse ...)
- TODO: check
+ NOT-FOR-US: clientResponse
CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Sendy
CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1
allows remote ...)
- TODO: check
+ NOT-FOR-US: Sendy
CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4
allows ...)
- TODO: check
+ NOT-FOR-US: ClanSphere
CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
- TODO: check
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and
Js-Multi-Hotel) ...)
TODO: check
CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in
includes/delete_img.php in ...)
TODO: check
CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags
plugin ...)
- TODO: check
+ NOT-FOR-US: HK Exif Tags plugin for WordPress
CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
TODO: check
CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in
D-Link ...)
- TODO: check
+ NOT-FOR-US: D-Link DIR-600 router
CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS
before 7.0 ...)
- TODO: check
+ NOT-FOR-US: Sitecore CMS
CVE-2014-100003 (SQL injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Code Futures YourMembers plugin for WordPress
CVE-2014-100002 (Directory traversal vulnerability in ManageEngine
SupportCenter Plus ...)
- TODO: check
+ NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO
Plugin ...)
TODO: check
CVE-2014-100000
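Review bot: The same product is tagged two different ways in this hunk: CVE-2014-10028 gets "NOT-FOR-US: D-Link DAP-1360 router", while CVE-2014-10027, CVE-2014-10026 and CVE-2014-10025 get "NOT-FOR-US: D-Link DAP-1360". Use one spelling so that a search on the tag returns all four entries. In the same spirit, CVE-2014-100019 is tagged "LTree converter in Pomm", which names a component rather than the product; "Pomm" would match how the other entries here are tagged. CVE-2014-100009, CVE-2014-100008, CVE-2014-100006 and CVE-2014-100001 remain at "TODO: check" between triaged neighbours; if they were left open on purpose, a line in the commit log saying so would stop the next person from assuming they were missed.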
@@ -450,7 +450,7 @@
CVE-2014-10000
REJECTED
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [IP address spoofing in mod_remoteip]
- apache2 2.4.9-1
[wheezy] - apache2 <not-affected> (no mod_remoteip in 2.2)
@@ -1186,7 +1186,7 @@
CVE-2015-0583
RESERVED
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000
...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2015-0581
RESERVED
CVE-2015-0580
@@ -2823,9 +2823,9 @@
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly
VTS) 6.5 ...)
NOT-FOR-US: Trihedral Engineering VTScada
CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in
Emerson HART ...)
- TODO: check
+ NOT-FOR-US: Emerson HART DTM
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware
InTouch ...)
- TODO: check
+ NOT-FOR-US: Schneider Electric
CVE-2014-9189
RESERVED
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in
Schneider ...)
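Review bot: The tag added for CVE-2014-9190 is vendor-only ("NOT-FOR-US: Schneider Electric"), although the description names the product as Schneider Electric Wonderware InTouch and the adjacent CVE-2014-9192 entry uses vendor plus product ("Trihedral Engineering VTScada"). Suggest "NOT-FOR-US: Schneider Electric Wonderware InTouch" so that the entry can be told apart from other Schneider products in the list, such as the MDraw30.ocx ActiveX control in CVE-2014-9188 just below.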
@@ -10968,7 +10968,7 @@
CVE-2014-6213
RESERVED
CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before
9.5.0.6 ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6211
RESERVED
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4,
and 10.5 ...)
@@ -10994,7 +10994,7 @@
CVE-2014-6200
RESERVED
CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and
5.2.x ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6198
RESERVED
CVE-2014-6197
@@ -11076,7 +11076,7 @@
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and
10.5 ...)
NOT-FOR-US: IBM
CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload
...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2014-6157
RESERVED
CVE-2014-6156
@@ -19513,9 +19513,9 @@
NOT-FOR-US: TR-069 Auto Configuration Servers
NOTE:
http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22
for ...)
- TODO: check
+ NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the GD ...)
- TODO: check
+ NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2837
RESERVED
CVE-2014-2836
@@ -39199,9 +39199,9 @@
CVE-2013-2605
RESERVED
CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK
Game ...)
- TODO: check
+ NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in
InstallerDlg.dll in ...)
- TODO: check
+ NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject
ActiveX ...)
NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before
3.1.4 ...)
_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits