[Secure-testing-commits] r14934 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Wed Jun 30 17:02:00 UTC 2010
Author: geissert
Date: 2010-06-30 17:01:54 +0000 (Wed, 30 Jun 2010)
New Revision: 14934
Modified:
data/CVE/list
Log:
python-mako issue
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-30 16:46:42 UTC (rev 14933)
+++ data/CVE/list 2010-06-30 17:01:54 UTC (rev 14934)
@@ -1,3 +1,7 @@
+CVE-2010-XXXX [XSS in python mako's escape.cgi]
+ - python-mako <undetermined>
+ TODO: check
+ NOTE: http://bugs.python.org/issue9061
CVE-2010-XXXX [XSS in paste.httpexceptions]
- python-paste 1.7.4-1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
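Review bot: The bracketed description on the new python-mako entry names "escape.cgi", and the NOTE links to the Python tracker (bugs.python.org) rather than a mako one. If the affected call is the standard library's cgi.escape as used by mako, write it that way in the description, and add a short NOTE saying whether the fix belongs in python-mako or in Python itself, so the <undetermined> state can be resolved against the right package.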
@@ -4,27 +8,27 @@
NOTE: CVE requested
TODO: evaluate
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video ...)
NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys ...)
NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows ...)
- TODO: check
+ NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote ...)
NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 ...)
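Review bot: The four "NOT-FOR-US: component for Joomla!" lines (CVE-2010-2515, -2514, -2513, -2507) drop the component name, while the other entries in this hunk name the product ("2daybiz Matrimonial Script", "Soft SaschArt SasCAM Webcam Server"). Naming the component, e.g. "NOT-FOR-US: JFaq component for Joomla!", keeps the tag searchable by product and lets a later reader confirm the triage without reopening the CVE text.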
@@ -99,29 +103,29 @@
- syscp <unfixed> (bug #587481)
NOTE: CVE id requested on oss-sec
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for ...)
- TODO: check
+ NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
- TODO: check
+ NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom ...)
- TODO: check
+ NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
- TODO: check
+ NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech ...)
- TODO: check
+ NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
- TODO: check
+ NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search ...)
NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker ...)
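Review bot: CVE-2010-2469 is tagged "Linear eMerge" while CVE-2010-2468 through -2465 are tagged "S2 Security NetBox", although all five descriptions refer to the Linear eMerge. A search of the list for either name will miss part of the set; consider one tag on all five, such as "NOT-FOR-US: S2 Security NetBox / Linear eMerge". The same naming gap appears on CVE-2010-2464, where "component for Joomla!" omits RSComments.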
@@ -133,19 +137,19 @@
CVE-2010-2453
RESERVED
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc ...)
- TODO: check
+ NOT-FOR-US: Acc PHP eMail
CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Acc Statistics
CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows ...)
- TODO: check
+ NOT-FOR-US: oBlog
CVE-2010-2452 [kvirc dir. trav. issue]
RESERVED
{DSA-2065-1}
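Review bot: On CVE-2009-4905 the description is cut off before the product name, so "NOT-FOR-US: Acc Statistics" cannot be checked against the lines in this hunk the way the oBlog and Acc PHP eMail tags can. Worth confirming against the full CVE text before this lands.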
@@ -1439,7 +1443,7 @@
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...)
NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows ...)
- TODO: check
+ NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the ...)
TODO: check
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 ...)
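Review bot: CVE-2010-1929, directly below the newly tagged Novell iManager entry, stays at "TODO: check" and its description is truncated before the product name. If it covers the same product as CVE-2010-1930, tag it in this commit as well; otherwise leaving it for a later pass is fine.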