[Secure-testing-commits] r12311 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Thu Jul 9 07:16:35 UTC 2009


Author: derevko-guest
Date: 2009-07-09 07:16:34 +0000 (Thu, 09 Jul 2009)
New Revision: 12311

Modified:
   data/CVE/list
Log:
- NFUs
- ITP
- Zoph Cross-Site Scripting Vulnerability issue got a CVE id
- track an old php4-sqlite issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-09 02:31:19 UTC (rev 12310)
+++ data/CVE/list	2009-07-09 07:16:34 UTC (rev 12311)
@@ -1,23 +1,23 @@
 CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow ...)
-	TODO: check
+	NOT-FOR-US: TekRADIUS
 CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini ...)
-	TODO: check
+	NOT-FOR-US: TekRADIUS
 CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to ...)
-	TODO: check
+	NOT-FOR-US: TekRADIUS
 CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in ...)
-	TODO: check
+	NOT-FOR-US: NullLogic Groupware
 CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: NullLogic Groupware
 CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the ...)
-	TODO: check
+	NOT-FOR-US: NullLogic Groupware
 CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...)
-	TODO: check
+	- eaccelerator-src <itp> (bug #460341)
 CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2349
 	RESERVED
 CVE-2009-2348
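
Review bot: The two <itp> entries, CVE-2009-2353 against eaccelerator-src and CVE-2009-2352 against chromium-browser, record only the ITP bug number, so nothing in the entry tells whoever finishes the packaging which upstream versions have to be checked. The CVE-2009-2352 description names "Google Chrome 1.0.154.48 and earlier", and the CVE-2009-2353 description names encoder.php; a NOTE line under each entry carrying that detail would keep it with the tracking line once the package is uploaded.
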
@@ -27,35 +27,33 @@
 CVE-2009-2346
 	RESERVED
 CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
-	TODO: check
+	NOT-FOR-US: ClanSphere
 CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...)
-	TODO: check
-CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...)
-	TODO: check
+	NOT-FOR-US: Sourcefire
 CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login ...)
-	TODO: check
+	NOT-FOR-US: CMME
 CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Opial
 CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Opial
 CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote ...)
-	TODO: check
+	NOT-FOR-US: Rentventory
 CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: FreeWebshop.org
 CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in ...)
-	TODO: check
+	NOT-FOR-US: w3b|cms
 CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...)
-	TODO: check
+	NOT-FOR-US: Joomla! component
 CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD) ...)
-	TODO: check
+	NOT-FOR-US: PHP Link Directory
 CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...)
-	TODO: check
+	NOT-FOR-US: PHP-Fusion
 CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards ...)
-	TODO: check
+	NOT-FOR-US: phpGreetCards
 CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
-	TODO: check
+	NOT-FOR-US: phpGreetCards
 CVE-2009-2336
 	RESERVED
 CVE-2009-2335
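
Review bot: "NOT-FOR-US: Joomla! component" on CVE-2008-6852 is the one tag in this hunk that does not name the affected software, although the description gives it as the Ice Gallery (com_ice) component. Naming the component in the tag, as the neighbouring entries do for Opial, Rentventory and phpGreetCards, would let a search of the list for that component find this entry.
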
@@ -348,7 +346,7 @@
 CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
 	- zoph <unfixed> (bug #535188)
 	NOTE: the details are unknown
-CVE-2009-XXXX [Zoph Cross-Site Scripting Vulnerability]
+CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...)
 	- zoph <unfixed> (low; bug #535188)
 	NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
 	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
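
Review bot: CVE-2009-2343 (XSS in people.php) now points at bug #535188, the same bug as the SQL injection entry CVE-2008-6837 directly above it, which still carries "NOTE: the details are unknown". A NOTE stating that the one bug report tracks both issues would make clear that closing it for one does not resolve the other. The description reads "Zoph before ...", so if the release notes linked in the second NOTE give a fixed upstream version, recording it next to <unfixed> would help whoever prepares the upload.
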
@@ -22847,7 +22845,7 @@
 CVE-2008-0021
 	RESERVED
 CVE-2008-0020 (Unspecified vulnerability in the Microsoft Video ActiveX control in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-0019
 	RESERVED
 CVE-2008-0018
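
Review bot: "NOT-FOR-US: Microsoft" on CVE-2008-0020 names only the vendor, while the first hunk of this commit names the product ("NOT-FOR-US: Microsoft Internet Explorer"). The description here gives "Microsoft Video ActiveX control", so the tag could name it for consistency within the commit; the same applies to CVE-2008-0015 in the following hunk.
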
@@ -22865,7 +22863,7 @@
 	- iceape 1.1.12-1
 	- icedove 2.0.0.17-1
 CVE-2008-0015 (Stack-based buffer overflow in MPEG2TuneRequest in the Microsoft Video ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
 	NOT-FOR-US: Trend Micro
 CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
@@ -34660,6 +34658,7 @@
 	{DSA-1283-1 DTSA-39-1}
 	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
 	- php5 5.2.0-11 (medium)
+	- php4-sqlite <removed> (medium; bug #420456)
 	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
 CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
 	NOTE: Duplicate of CVE-2007-1885
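
Review bot: The added "- php4-sqlite <removed> (medium; bug #420456)" line sits directly under "- php4 <not-affected> (SQLite not enabled in PHP 4 packages)", and the entry does not say why the separate php4-sqlite package is affected when php4 is not. A NOTE beside the existing php5 one, stating how php4-sqlite is exposed, would make the medium rating and the <removed> status understandable without opening the bug.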



