[Secure-testing-commits] r11980 - data/CVE

Wed May 27 09:37:55 UTC 2009

Author: nion
Date: 2009-05-27 09:37:55 +0000 (Wed, 27 May 2009)
New Revision: 11980

Modified:
   data/CVE/list
Log:
- NFUs
- new ocsinventory-server issue (CVE-2009-1769)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-05-27 09:21:04 UTC (rev 11979)
+++ data/CVE/list	2009-05-27 09:37:55 UTC (rev 11980)
@@ -1,51 +1,52 @@
 CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
-	TODO: check
+	NOT-FOR-US: Ulteo Open Virtual Desktop
 CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...)
-	TODO: check
+	NOT-FOR-US: AVG anti-virus
 CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including ...)
-	TODO: check
+	NOT-FOR-US: FRISK Software F-Prot anti-virus
 CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for ...)
-	TODO: check
+	NOT-FOR-US: F-Secure anti-virus
 CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php ...)
-	TODO: check
+	NOT-FOR-US: Frax.dk Php Recommend
 CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require ...)
-	TODO: check
+	NOT-FOR-US: Frax.dk Php Recommend
 CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php ...)
-	TODO: check
+	NOT-FOR-US: Frax.dk Php Recommend
 CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in ...)
-	TODO: check
+	NOT-FOR-US: BigACE CMS
 CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail ...)
-	TODO: check
+	NOT-FOR-US: Matt Wright FormMail
 CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in ...)
-	TODO: check
+	NOT-FOR-US: Matt Wright FormMail
 CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open ...)
-	TODO: check
+	NOT-FOR-US: Ulteo Open Virtual Desktop
 CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in ...)
-	TODO: check
+	NOT-FOR-US: Strawberry
 CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOT-FOR-US: activeCollab
 CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...)
-	TODO: check
+	NOT-FOR-US: activeCollab
 CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative ...)
-	TODO: check
+	NOT-FOR-US: Flyspeck CMS
 CVE-2009-1770 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Flyspeck CMS
 CVE-2009-1769 (The web interface in OCS Inventory NG 1.01 generates different error ...)
-	TODO: check
+	- ocsinventory-server <unfixed> (unimportant; bug #529344)
+	NOTE: README.Debian states Important: access to the reports server should be restricted
 CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...)
-	TODO: check
+	NOT-FOR-US: Rama Zaiten CMS
 CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require ...)
-	TODO: check
+	NOT-FOR-US: 2daybiz Template Monster Clone
 CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: LightOpenCMS
 CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when ...)
-	TODO: check
+	NOT-FOR-US: pluck CMS
 CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows ...)
-	TODO: check
+	NOT-FOR-US: MaxCMS
 CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2009-XXXX [radare-common insecure temp files handling]
 	- radare-common (low)
 	TODO: file bug
@@ -334,7 +335,7 @@
 CVE-2009-1636
 	RESERVED
 CVE-2009-1635 (Cross-site scripting (XSS) vulnerability in the WebAccess login page ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2009-1634
 	RESERVED
 CVE-2009-1633 [CIFS Unicode issue]


