[Secure-testing-commits] r12683 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Wed Aug 26 07:38:50 UTC 2009
Author: derevko-guest
Date: 2009-08-26 07:38:50 +0000 (Wed, 26 Aug 2009)
New Revision: 12683
Modified:
data/CVE/list
Log:
NFUs and chromium-browser itp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-25 21:14:28 UTC (rev 12682)
+++ data/CVE/list 2009-08-26 07:38:50 UTC (rev 12683)
@@ -3,79 +3,79 @@
CVE-2009-2957
RESERVED
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
TODO: check
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
- TODO: check
+ NOT-FOR-US: Phenotype CMS
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
- TODO: check
+ NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key ...)
- TODO: check
+ NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 ...)
- TODO: check
+ NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
- TODO: check
+ NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow ...)
- TODO: check
+ NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in ...)
- TODO: check
+ NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...)
- TODO: check
+ NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
- TODO: check
+ NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS ...)
- TODO: check
+ NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...)
- TODO: check
+ NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...)
TODO: check
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
- TODO: check
+ NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
TODO: check
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in ...)
- TODO: check
+ NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...)
- TODO: check
+ NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
- TODO: check
+ NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
- TODO: check
+ NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...)
- TODO: check
+ NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in ...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...)
- TODO: check
+ NOT-FOR-US: BandSite CMS
CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
- TODO: check
+ NOT-FOR-US: ezContents
CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows ...)
- TODO: check
+ NOT-FOR-US: LogMeIn
CVE-2009-2950
RESERVED
CVE-2009-2949
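Review bot: the NFU for CVE-2009-2954 names only the vendor ("NOT-FOR-US: Microsoft"), while the existing entry for CVE-2009-2057 further down this file uses "NOT-FOR-US: Microsoft Internet Explorer". Naming the product keeps NFU strings consistent and searchable. For the same reason, the brace shorthand in "RSS module 0.1 for Pie Web M{a,e}sher" (CVE-2008-7073) will not match a plain-text search for either spelling, so writing out one spelling, or both, would be safer. The two chromium-browser <itp> entries (CVE-2009-2955, CVE-2008-7061) both point at bug #520324 and will need a fixed-version check once the package is uploaded.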
@@ -109,97 +109,97 @@
CVE-2009-2935
RESERVED
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
- TODO: check
+ NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
- TODO: check
+ NOT-FOR-US: Piwigo
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
- TODO: check
+ NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
- TODO: check
+ NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
- TODO: check
+ NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
- TODO: check
+ NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
- TODO: check
+ NOT-FOR-US: TGS Content Management
CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...)
- TODO: check
+ NOT-FOR-US: DigitalSpinners DS CMS
CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...)
- TODO: check
+ NOT-FOR-US: PHP Competition System BETA
CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...)
- TODO: check
+ NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid ...)
- TODO: check
+ NOT-FOR-US: WoW Raid Manager
CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
- TODO: check
+ NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
- TODO: check
+ NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
- TODO: check
+ NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ...)
- TODO: check
+ NOT-FOR-US: AJ Classifieds
CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow ...)
- TODO: check
+ NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...)
- TODO: check
+ NOT-FOR-US: Gelato CMS
CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for ...)
- TODO: check
+ NOT-FOR-US: ITN News Gadget
CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
- TODO: check
+ NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: PHPEcho CMS
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
- TODO: check
+ NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
- TODO: check
+ NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
- TODO: check
+ NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
- TODO: check
+ NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: RPG.Board
CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Libra File Manager
CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in ...)
- TODO: check
+ NOT-FOR-US: eFront
CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe ...)
- TODO: check
+ NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
- TODO: check
+ NOT-FOR-US: ArubaOS
CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat ...)
- TODO: check
+ NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...)
- TODO: check
+ NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores ...)
- TODO: check
+ NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
- TODO: check
+ NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
- TODO: check
+ NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
- TODO: check
+ NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
TODO: check
CVE-2009-XXXX [pidgin does not honour SSL/TLS]
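Review bot: the NFU for CVE-2008-7033 reads "NOT-FOR-US: component for Joomla!" and does not say which component, although the description names it as Simple Shop Galore (com_simpleshop). Suggest "NOT-FOR-US: Simple Shop Galore component for Joomla!" so the entry identifies the software being excluded. The neighbouring module entries in this hunk (My_eGallery module for PHP-Nuke, DevTracker module 3.0 for bcoos) already name theirs.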
@@ -2797,7 +2797,7 @@
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2054
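Review bot: CVE-2009-2056 is marked "NOT-FOR-US: Cisco", but the description is for Cisco IOS XR and the adjacent CVE-2009-2055 entry already uses "NOT-FOR-US: Cisco IOS". Suggest naming the product here too (for example "Cisco IOS XR") rather than the vendor alone.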
@@ -3262,7 +3262,7 @@
CVE-2009-3870
REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
- TODO: check
+ NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
@@ -5723,7 +5723,7 @@
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-1153
RESERVED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...)
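Review bot: the new line for CVE-2009-1154 is vendor-only ("NOT-FOR-US: Cisco"), whereas the context line directly above it names the product ("NOT-FOR-US: Cisco Adaptive Security Appliances"). The description says Cisco IOS XR, so the NFU could say the same.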