[Secure-testing-commits] r31236 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jan 10 05:27:32 UTC 2015


Author: carnil
Date: 2015-01-10 05:27:32 +0000 (Sat, 10 Jan 2015)
New Revision: 31236

Modified:
   data/CVE/list
Log:
processing of the wordpress plugins NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-10 05:22:27 UTC (rev 31235)
+++ data/CVE/list	2015-01-10 05:27:32 UTC (rev 31236)
@@ -1,7 +1,7 @@
 CVE-2015-XXXX [buffer overflow]
 	- unace <unfixed> (bug #775003)
 CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...)
-	TODO: check
+	NOT-FOR-US: Banner Effect Header plugin for WordPress
 CVE-2015-0919 (Multiple SQL injection vulnerabilities in the administrative backend ...)
 	TODO: check
 CVE-2015-0918 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
@@ -912,11 +912,11 @@
 CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
 	TODO: check
 CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Timed Popup (wp-timed-popup) plugin for WordPress
 CVE-2014-9524 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Facebook Like Box (cardoza-facebook-like-box) plugin for WordPress
 CVE-2014-9523 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Our ...)
-	TODO: check
+	NOT-FOR-US: Our Team Showcase (our-team-enhanced) plugin for WordPress
 CVE-2014-9522 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light ...)
 	TODO: check
 CVE-2014-9521 (Unrestricted file upload vulnerability in uploadScript.php in ...)
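Review bot: the NOT-FOR-US lines added for CVE-2014-9525, CVE-2014-9524 and CVE-2014-9523 carry the plugin slug in parentheses, e.g. "Timed Popup (wp-timed-popup) plugin for WordPress", while other entries in this same commit, such as "Cart66 Lite plugin for WordPress" and "WP-ViperGB plugin for WordPress", give only the display name. Pick one form for the whole batch. Keeping the slug where it is known makes it easier to match later CVEs for the same plugin against the list with a plain text search.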
@@ -992,9 +992,9 @@
 CVE-2014-9462
 	RESERVED
 CVE-2014-9461 (Directory traversal vulnerability in models/Cart66.php in the Cart66 ...)
-	TODO: check
+	NOT-FOR-US: Cart66 Lite plugin for WordPress
 CVE-2014-9460 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: WP-ViperGB plugin for WordPress
 CVE-2014-9459 (Cross-site request forgery (CSRF) vulnerability in the AdminObserver ...)
 	TODO: check
 CVE-2014-9458 (Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA ...)
@@ -1006,9 +1006,9 @@
 CVE-2014-9455 (SQL injection vulnerability in showads.php in CTS Projects & Software ...)
 	TODO: check
 CVE-2014-9454 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Simple Sticky Footer plugin for WordPress
 CVE-2014-9453 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: Simple visitor stat plugin for WordPress
 CVE-2014-9452 (Directory traversal vulnerability in VDG Security SENSE (formerly ...)
 	TODO: check
 CVE-2014-9451 (Multiple stack-based buffer overflows in the DIVA web service API ...)
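Review bot: "Simple visitor stat plugin for WordPress" on CVE-2014-9453 is lower-cased, where the entry added just above it uses title case ("Simple Sticky Footer plugin for WordPress"). The truncated description line does not show the plugin name, so confirm the casing against the full CVE text and align it if the product name is capitalised there; inconsistent casing makes duplicate NOT-FOR-US products harder to spot.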
@@ -1018,13 +1018,13 @@
 CVE-2014-9445 (SQL injection vulnerability in incl/create.inc.php in Installatron GQ ...)
 	TODO: check
 CVE-2014-9444 (Cross-site scripting (XSS) vulnerability in the Frontend Uploader ...)
-	TODO: check
+	NOT-FOR-US: Frontend Uploader plugin for WordPress
 CVE-2014-9443 (Cross-site scripting (XSS) vulnerability in the Relevanssi plugin ...)
-	TODO: check
+	NOT-FOR-US: Relevanssi plugin for WordPress
 CVE-2014-9442 (SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 ...)
-	TODO: check
+	NOT-FOR-US: Cart66 Lite plugin for WordPress
 CVE-2014-9441 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Lightbox Photo Gallery plugin for WordPress
 CVE-2014-9440 (SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows ...)
 	TODO: check
 CVE-2014-9439 (Cross-site scripting (XSS) vulnerability in Easy File Sharing Web ...)
@@ -1032,7 +1032,7 @@
 CVE-2014-9438 (Cross-site request forgery (CSRF) vulnerability in the Moderator ...)
 	TODO: check
 CVE-2014-9437 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: Sliding Social Icons plugin for WordPress
 CVE-2014-9436 (Absolute path traversal vulnerability in SysAid On-Premise before ...)
 	TODO: check
 CVE-2014-9435 (Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow ...)
@@ -1070,15 +1070,15 @@
 CVE-2011-5309 (Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 ...)
 	TODO: check
 CVE-2011-5308 (Multiple SQL injection vulnerabilities in cdnvote-post.php in the ...)
-	TODO: check
+	NOT-FOR-US: cdnvote plugin for WordPress
 CVE-2011-5307 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
-	TODO: check
+	NOT-FOR-US: PhotoSmash plugin for WordPress
 CVE-2011-5306 (Cross-site request forgery (CSRF) vulnerability in ...)
 	TODO: check
 CVE-2011-5305 (Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO ...)
 	TODO: check
 CVE-2011-5304 (Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead ...)
-	TODO: check
+	NOT-FOR-US: Sodahead Polls plugin for WordPress
 CVE-2011-5303 (Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 ...)
 	TODO: check
 CVE-2011-5302 (Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php ...)
@@ -1114,7 +1114,7 @@
 CVE-2011-5287 (Multiple cross-site scripting (XSS) vulnerabilities in HESK before ...)
 	TODO: check
 CVE-2011-5286 (SQL injection vulnerability in social-slider-2/ajax.php in the Social ...)
-	TODO: check
+	NOT-FOR-US: Social Slider plugin for WordPress
 CVE-2011-5285 (Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 ...)
 	TODO: check
 CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web management ...)
@@ -1757,7 +1757,7 @@
 CVE-2014-9398 (Cross-site request forgery (CSRF) vulnerability in the Twitter ...)
 	TODO: check
 CVE-2014-9397 (Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin ...)
-	TODO: check
+	NOT-FOR-US: twimp-wp plugin for WordPress
 CVE-2014-9396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	TODO: check
 CVE-2014-9395 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
@@ -19545,7 +19545,7 @@
 CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
 	NOT-FOR-US: HP
 CVE-2014-2598 (Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post ...)
-	TODO: check
+	NOT-FOR-US: Quick Page/Post Redirect plugin for WordPress
 CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...)
 	NOT-FOR-US: PCNetSoftware RAC Server
 CVE-2014-2596
@@ -47834,7 +47834,7 @@
 	- vlc <unfixed> (unimportant)
 	NOTE: Harmless crasher without security relevance
 CVE-2012-5853 (SQL injection vulnerability in the "the_search_function" function in ...)
-	TODO: check
+	NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress
 CVE-2012-5852
 	RESERVED
 CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...)
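Review bot: the NOT-FOR-US text for CVE-2012-5853 repeats the "the_search_function" detail already present in the description line and adds the file name, unlike every other entry in this commit, which names only the product. Suggest shortening it to "AJAX Post Search (cardoza-ajax-search) plugin for WordPress"; the tag only needs to identify the product, and the embedded double quotes make the line awkward to match with simple tooling.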



