[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-18895 was rejected (duplicate of CVE-2014-3004)
Salvatore Bonaccorso
carnil at debian.org
Tue Feb 12 20:32:59 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
935451d0 by Salvatore Bonaccorso at 2019-02-12T20:14:16Z
CVE-2018-18895 was rejected (duplicate of CVE-2014-3004)
- - - - -
696cb004 by Salvatore Bonaccorso at 2019-02-12T20:29:39Z
Process some NFUs for Joomla!
- - - - -
0df9b503 by Salvatore Bonaccorso at 2019-02-12T20:32:28Z
Unify some older Joomla! NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,17 +21,17 @@ CVE-2019-7746
CVE-2019-7745
RESERVED
CVE-2019-7744 (An issue was discovered in Joomla! before 3.9.3. Inadequate filtering ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7743 (An issue was discovered in Joomla! before 3.9.3. The phar:// stream ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7742 (An issue was discovered in Joomla! before 3.9.3. A combination of ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7741 (An issue was discovered in Joomla! before 3.9.3. Inadequate checks at ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7740 (An issue was discovered in Joomla! before 3.9.3. Inadequate parameter ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7739 (An issue was discovered in Joomla! before 3.9.3. The "No Filtering" ...)
- TODO: check
+ NOT-FOR-US: Joomla!
CVE-2019-7738 (C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. ...)
TODO: check
CVE-2019-7737 (A CSRF vulnerability was found in Verydows v2.0 that can add an admin ...)
@@ -3681,13 +3681,13 @@ CVE-2019-6266
CVE-2019-6265
RESERVED
CVE-2019-6264 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6263 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6262 (An issue was discovered in Joomla! before 3.9.2. Inadequate checks of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6261 (An issue was discovered in Joomla! before 3.9.2. Inadequate escaping in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2019-6260 (The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) ...)
NOT-FOR-US: ASPEED
CVE-2019-6259 (An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL ...)
@@ -21522,7 +21522,6 @@ CVE-2018-18896
RESERVED
CVE-2018-18895
REJECTED
- NOT-FOR-US: Cisco
CVE-2018-18894
RESERVED
CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to ...)
@@ -29324,11 +29323,11 @@ CVE-2018-15884 (RICOH MP C4504ex devices allow HTML Injection via the ...)
CVE-2018-15883
RESERVED
CVE-2018-15882 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15881 (An issue was discovered in Joomla! before 3.8.12. Inadequate checks ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15880 (An issue was discovered in Joomla! before 3.8.12. Inadequate output ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-15879
RESERVED
CVE-2018-15878
@@ -49859,7 +49858,7 @@ CVE-2018-8047
CVE-2018-8046 (The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before ...)
NOT-FOR-US: Sencha
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2018-8044
RESERVED
CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is ...)
@@ -91580,7 +91579,7 @@ CVE-2017-11365 [Empty passwords validation issue]
- symfony <not-affected> (introduced in versions that were never packaged in Debian)
NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-11363
RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
@@ -94053,9 +94052,9 @@ CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ..
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a ...)
NOT-FOR-US: Green Packet
CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware ...)
@@ -99056,7 +99055,7 @@ CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND pas
CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
@@ -101377,7 +101376,7 @@ CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...)
NOT-FOR-US: HipChat
CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
NOT-FOR-US: WatchGuard
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
@@ -101545,19 +101544,19 @@ CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 ...
CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
NOT-FOR-US: OpenMRS
CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
- libplist 1.12+git+1+e37ca00-0.3 (bug #860945)
[jessie] - libplist <no-dsa> (Minor issue)
@@ -117614,11 +117613,11 @@ CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verb
NOTE: https://github.com/mapserver/mapserver/pull/4928
NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.php ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9837 (An issue was discovered in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x ...)
NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary ...)
@@ -126274,7 +126273,7 @@ CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw
NOTE: https://hackerone.com/reports/178152
NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
- firefox 50.1.0-1
- firefox-esr <not-affected> (Only affects Firefox 50.x)
@@ -126769,9 +126768,9 @@ CVE-2016-8872
CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding ...)
- botan1.10 <not-affected> (Only affects 1.11.29 through 1.11.32)
CVE-2016-8870 (The register method in the UsersModelRegistration class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-8869 (The register method in the UsersModelRegistration class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-8868
RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
@@ -150477,7 +150476,7 @@ CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...
NOTE: http://web.archive.org/web/20160329044421/http://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released
NOTE: https://github.com/roundcube/roundcubemail/commit/10e5192a2b1bc90ec137f5e69d0aa072c1210d6d
CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2016-1711 (WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google ...)
{DSA-3637-1}
- chromium-browser 52.0.2743.82-1
@@ -154165,13 +154164,13 @@ CVE-2015-8575 (The sco_sock_bind function in net/bluetooth/sco.c in the Linux ke
CVE-2015-8566 (The Session package 1.x before 1.3.1 for Joomla! Framework allows ...)
NOT-FOR-US: Session package for Joomla
CVE-2015-8565 (Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8564 (Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8563 (Cross-site request forgery (CSRF) vulnerability in the com_templates ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8562 (Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
@@ -157962,7 +157961,7 @@ CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...)
NOT-FOR-US: NetApp
CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7883
RESERVED
CVE-2015-7882
@@ -158042,11 +158041,11 @@ CVE-2015-7861 (Persistent Accelerite Radia Client Automation (formerly HP Client
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
NOT-FOR-US: OpenNMS
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
@@ -159723,7 +159722,7 @@ CVE-2015-7298 (ownCloud Desktop Client before 2.0.1, when compiled with a Qt rel
[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-XXXX [Privilege escalation via core-gui]
- core-network <removed> (bug #799756)
NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
@@ -160653,7 +160652,7 @@ CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a po
NOTE: Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
NOTE: Peter Dettman <peter.dettman at bouncycastle.org> offered to assist if backporting fails and to review the result.
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-6936
RESERVED
CVE-2015-6935
@@ -164724,7 +164723,7 @@ CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 a
CVE-2015-5398
RESERVED
CVE-2015-5397 (Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2015-5396
RESERVED
CVE-2015-5394
@@ -185929,13 +185928,13 @@ CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers
CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows ...)
NOT-FOR-US: EspoCRM
CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
NOT-FOR-US: Joomla component com_contact
CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...)
NOT-FOR-US: Drupal theme Zen
CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme ...)
@@ -187705,9 +187704,9 @@ CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1)
CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-7227
REJECTED
CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ...)
@@ -189030,9 +189029,9 @@ CVE-2014-6633 (The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x
- tryton-server 3.2.3-1
NOTE: https://bugs.tryton.org/issue4155
CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2014-6630
RESERVED
CVE-2014-6629
@@ -210994,7 +210993,7 @@ CVE-2013-5585
CVE-2013-5584
RESERVED
CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-5582
RESERVED
NOT-FOR-US: Ammyy Admin
@@ -211060,7 +211059,7 @@ CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions
- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-5575
REJECTED
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
@@ -215935,7 +215934,7 @@ CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b a
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the ...)
NOT-FOR-US: Wordpress plugin Feedweb
CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3718 [evince missing check on number of pages]
RESERVED
- evince 3.10.0-1
@@ -216946,7 +216945,7 @@ CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
NOT-FOR-US: Novell iManager
CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...)
{DSA-2672-1}
- kfreebsd-9 9.0-11 (bug #706414)
@@ -217005,7 +217004,7 @@ CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM
CVE-2013-3243 (Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver ...)
NOT-FOR-US: SAP NetWeaver
CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
@@ -217420,13 +217419,13 @@ CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H ...)
CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...)
- activemq <not-affected> (Web console not provided in Debian package, see #702670)
CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic ...)
NOT-FOR-US: Lexmark Markvision Enterprise
CVE-2013-3054
@@ -222487,11 +222486,11 @@ CVE-2013-1457
CVE-2013-1456
RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2013-1452
RESERVED
CVE-2013-4696
@@ -228035,7 +228034,7 @@ CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent functio
CVE-2012-5828
RESERVED
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-5826
RESERVED
CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...)
@@ -231664,7 +231663,7 @@ CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra"
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel ...)
- linux 3.2.35-1
- linux-2.6 <removed>
@@ -233601,9 +233600,9 @@ CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/vide
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-3827
RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
@@ -236305,9 +236304,9 @@ CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote .
- mysql-5.1 <removed>
- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before ...)
@@ -239257,9 +239256,9 @@ CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in ...)
NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...)
{DSA-2462-1}
- imagemagick 8:6.7.4.0-4 (bug #667635)
@@ -239289,9 +239288,9 @@ CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.
- phppgadmin 5.0.4-1
[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
@@ -239378,10 +239377,10 @@ CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: YVS
CVE-2012-1563
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1562
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...)
NOT-FOR-US: Drupal Finder
CVE-2012-1560
@@ -240401,9 +240400,9 @@ CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in Manti
{DSA-2500-1}
- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-1115
RESERVED
- phpldapadmin 1.2.2-3 (low; bug #662050)
@@ -241134,11 +241133,11 @@ CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
- phpldapadmin 1.2.2-1 (low; bug #658907)
[squeeze] - phpldapadmin <no-dsa> (Minor issue)
@@ -241178,13 +241177,13 @@ CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows re
[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
@@ -243013,7 +243012,7 @@ CVE-2011-4938
NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4936
REJECTED
CVE-2011-4935
@@ -243095,22 +243094,22 @@ CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linu
- linux-2.6 2.6.38-4
CVE-2011-4912
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4908
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4907
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4906
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
@@ -243405,7 +243404,7 @@ CVE-2006-7249
CVE-2006-7248
REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-4894
RESERVED
CVE-2005-4893
@@ -245270,7 +245269,7 @@ CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uplo
CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...)
NOT-FOR-US: LabWiki
CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4331
REJECTED
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
@@ -245298,7 +245297,7 @@ CVE-2011-4322
RESERVED
NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...)
- ejabberd 2.1.9-1 (low)
[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
@@ -247557,7 +247556,7 @@ CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...)
- pam 1.1.3-7 (low; bug #670076)
[squeeze] - pam <no-dsa> (Minor issue)
@@ -247687,7 +247686,7 @@ CVE-2011-3596
NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
CVE-2011-3595
RESERVED
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in ...)
- pidgin 2.10.1-1 (unimportant)
[squeeze] - pidgin 2.7.3-1+squeeze2
@@ -248140,9 +248139,9 @@ CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Tran
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop ...)
NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
@@ -249883,13 +249882,13 @@ CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 throu
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2890 (The MediaViewMedia class in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ...)
@@ -250482,7 +250481,7 @@ CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x b
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...)
NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, ...)
- libgssglue 0.4-1 (low; bug #670256)
[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
@@ -251026,7 +251025,7 @@ CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding fea
[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
[lenny] - dokuwiki 0.0.20080505-4+lenny3
CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...)
{DSA-2286-1}
- phpmyadmin 4:3.4.3.1-1
@@ -251099,7 +251098,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-te
{DSA-2281-1}
- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-2487
RESERVED
NOT-FOR-US: Apache CXF
@@ -256847,7 +256846,7 @@ CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2
- php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
- hastymail <removed>
CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...)
@@ -258788,7 +258787,7 @@ CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_poli
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before ...)
- piwik <itp> (bug #506933)
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
@@ -259728,7 +259727,7 @@ CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick
- imagemagick 8:6.6.0.4-3 (low; bug #601824)
[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
- linux-2.6 2.6.32-28
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
@@ -260956,7 +260955,7 @@ CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in ...)
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...)
NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
- pidgin 2.7.4-1
[squeeze] - pidgin 2.7.3-1+squeeze1
@@ -264293,7 +264292,7 @@ CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux k
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
- openttd 1.0.3-1
[lenny] - openttd <not-affected> (Introduced in 1.0.1)
@@ -266680,7 +266679,7 @@ CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
- mediawiki 1:1.15.4-1 (bug #585918; low)
[lenny] - mediawiki 1:1.12.0-2lenny6
@@ -270703,13 +270702,13 @@ CVE-2010-0352
CVE-2010-0351
RESERVED
CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in ...)
NOT-FOR-US: Moa Gallery
CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 ...)
NOT-FOR-US: phpNagios
CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows ...)
NOT-FOR-US: Nicecoder iDesk
CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
@@ -270719,9 +270718,9 @@ CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.p
CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier ...)
NOT-FOR-US: Discuz
CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script ...)
NOT-FOR-US: Tourism Script Bus Script
CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
@@ -270985,7 +270984,7 @@ CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 wi
CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...)
NOT-FOR-US: South River Technologies WebDrive
CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...)
NOT-FOR-US: SAP Kernel
CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...)
@@ -270995,9 +270994,9 @@ CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.p
CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...)
NOT-FOR-US: PHP Inventory
CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
@@ -272850,7 +272849,7 @@ CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
NOT-FOR-US: TYPO3 extension
CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
NOT-FOR-US: Ciamos CMS
CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
@@ -273786,9 +273785,9 @@ CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote PO
CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
NOT-FOR-US: ArubaOS
CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
NOT-FOR-US: TFTgallery
CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
@@ -276268,7 +276267,7 @@ CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweigh
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
@@ -278770,7 +278769,7 @@ CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in .
CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
NOT-FOR-US: PHPEcho
CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2399 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: DM FileManager
CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 ...)
@@ -278780,7 +278779,7 @@ CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Articl
CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM ...)
NOT-FOR-US: DM Albums
CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp ...)
NOT-FOR-US: SMSPages
CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not ...)
@@ -278790,7 +278789,7 @@ CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Onli
CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz ...)
NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED ...)
NOT-FOR-US: USOLVED NEWSolved
CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
@@ -282157,9 +282156,9 @@ CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
@@ -282207,7 +282206,7 @@ CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...)
@@ -282217,7 +282216,7 @@ CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...)
NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...)
NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...)
@@ -282333,7 +282332,7 @@ CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
@@ -283833,9 +283832,9 @@ CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue Riv
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 ...)
NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...)
- kaya 0.4.2-1 (low)
[etch] - kaya <no-dsa> (Minor issue)
@@ -284471,7 +284470,7 @@ CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev
CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ...)
NOT-FOR-US: taifajobs
CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0725
RESERVED
CVE-2009-0724
@@ -284514,7 +284513,7 @@ CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...
CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a ...)
NOT-FOR-US: PowerClan
CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews ...)
NOT-FOR-US: PowerScripts PowerNews
CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows ...)
@@ -284522,7 +284521,7 @@ CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allow
CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 ...)
NOT-FOR-US: ASPThai.Net Webboard
CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
NOT-FOR-US: Cybershade
CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated ...)
@@ -284786,7 +284785,7 @@ CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assis
[lenny] - vim <not-affected> (proof-of-concept does not work)
[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
@@ -284810,9 +284809,9 @@ CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The
CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of ...)
NOT-FOR-US: Way Of The Warrior
CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
NOT-FOR-US: Simple Document Management System
CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC ...)
@@ -285104,9 +285103,9 @@ CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping
CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...)
NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...)
NOT-FOR-US: ForumApp
CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...)
@@ -285343,7 +285342,7 @@ CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers
CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...)
NOT-FOR-US: PG Job Site Pro
CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...)
@@ -285460,7 +285459,7 @@ CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea
CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in ...)
NOT-FOR-US: REALTOR
CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier ...)
NOT-FOR-US: IT CMS
CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has ...)
@@ -285612,7 +285611,7 @@ CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Min
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...)
NOT-FOR-US: ScriptsEz
CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...)
NOT-FOR-US: Camera Life
CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
@@ -285628,7 +285627,7 @@ CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause
CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...)
NOT-FOR-US: Simple Customer
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an ...)
{DSA-2029-1}
- imlib2 1.4.2-1 (bug #576469)
@@ -285638,7 +285637,7 @@ CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging
CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...)
NOT-FOR-US: LoudBlog
CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...)
@@ -285657,7 +285656,7 @@ CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage functi
CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
NOT-FOR-US: Windows
CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...)
@@ -285699,9 +285698,9 @@ CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
NOT-FOR-US: phpList
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
@@ -285844,9 +285843,9 @@ CVE-2009-0380 (** DISPUTED ** ...)
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer ...)
NOT-FOR-US: RealPlayer
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
@@ -285855,7 +285854,7 @@ CVE-2009-0374 (** DISPUTED ** ...)
- chromium-browser <unfixed> (unimportant)
- webkit <not-affected> (poc doesn't work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
@@ -286389,7 +286388,7 @@ CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Tes
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...)
NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...)
@@ -287565,7 +287564,7 @@ CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the me
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
@@ -287624,7 +287623,7 @@ CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend modu
- typo3-src 4.2.3-1 (bug #505324)
[etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
@@ -291466,7 +291465,7 @@ CVE-2008-4124
CVE-2008-4123
RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
@@ -291507,13 +291506,13 @@ CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings ab
{DSA-1871-2 DSA-1871-1}
- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
{DSA-1733-1}
- vim 2:7.2.010-1 (low; bug #500381)
@@ -292633,7 +292632,7 @@ CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
@@ -293732,13 +293731,13 @@ CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a
- xmovie <removed> (unimportant)
NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
{DSA-1544-2}
- pdns-recursor 3.1.7-1 (low; bug #493576)
@@ -294512,7 +294511,7 @@ CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Softwa
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
@@ -297719,7 +297718,7 @@ CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
@@ -301477,13 +301476,13 @@ CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and ear
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...)
NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...)
@@ -302430,7 +302429,7 @@ CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...)
NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...)
NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...)
@@ -304714,7 +304713,7 @@ CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ..
- acidbase 1.3.8 (low)
[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
@@ -305209,7 +305208,7 @@ CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...)
NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...)
NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
@@ -307039,15 +307038,15 @@ CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a de
- php5 5.2.3-1 (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...)
NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
@@ -308351,7 +308350,7 @@ CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsys
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...)
@@ -308472,19 +308471,19 @@ CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's ...)
NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...)
NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...)
NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...)
@@ -313374,7 +313373,7 @@ CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolu
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
@@ -316939,11 +316938,11 @@ CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
@@ -318212,7 +318211,7 @@ CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
@@ -318236,11 +318235,11 @@ CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remo
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
@@ -319331,11 +319330,11 @@ CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...)
NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
@@ -324686,27 +324685,27 @@ CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shape
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-4465 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
@@ -327009,9 +327008,9 @@ CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web docu
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
@@ -328157,7 +328156,7 @@ CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
@@ -337509,11 +337508,11 @@ CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVo
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
- NOT-FOR-US: Joomla
+ NOT-FOR-US: Joomla!
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1021a552915318a962f4666ab1cd42427713cee3...0df9b503e4764a9f53679a893ba50c310c7aaf8e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1021a552915318a962f4666ab1cd42427713cee3...0df9b503e4764a9f53679a893ba50c310c7aaf8e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190212/45c730c0/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list