Author: stef-guest
Date: 2008-09-23 22:14:19 +0000 (Tue, 23 Sep 2008)
New Revision: 9876
Modified:
data/CVE/list
Log:
some more NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-23 21:55:56 UTC (rev 9875)
+++ data/CVE/list 2008-09-23 22:14:19 UTC (rev 9876)
@@ -29,7 +29,7 @@
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5
allow ...)
NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in
index.php in ...)
- TODO: check
+ NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows
remote ...)
NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars & Vehicle
(aka ...)
@@ -63,57 +63,57 @@
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in
Zanfi CMS ...)
NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech
phpVID 1.1 ...)
- TODO: check
+ NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS)
Gaming ...)
- TODO: check
+ NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3
allow ...)
- TODO: check
+ NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows
remote ...)
- TODO: check
+ NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a
module ...)
- TODO: check
+ NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x
before ...)
- TODO: check
+ NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x
allows ...)
- TODO: check
+ NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel
Joke ...)
- TODO: check
+ NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw
Link to ...)
- TODO: check
+ NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x
before ...)
- TODO: check
+ NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module
5.x ...)
- TODO: check
+ NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1)
approve ...)
- TODO: check
+ NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink
1.0 ...)
- TODO: check
+ NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop
E-Gold ...)
- TODO: check
+ NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in
RazorCommerce ...)
- TODO: check
+ NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows
remote ...)
- TODO: check
+ NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media
x10 ...)
- TODO: check
+ NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in
Quick.Cart ...)
- TODO: check
+ NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in
OpenSolution ...)
- TODO: check
+ NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in
PHP-Crawler ...)
- TODO: check
+ NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows
remote ...)
- TODO: check
+ NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator and
Nseries ...)
- TODO: check
+ NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in
manager/static/view.php in ...)
- TODO: check
+ NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12
and ...)
- TODO: check
+ NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL
ActiveX ...)
- TODO: check
+ NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through
10 allow ...)
TODO: check
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before
2.2.6 ...)
@@ -121,11 +121,11 @@
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly
handle ...)
TODO: check
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the HTTP ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8
Beta ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does
not use ...)
- TODO: check
+ - python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value
that leaks ...)
TODO: check
CVE-2008-4124
@@ -141,11 +141,11 @@
CVE-2008-4119
RESERVED
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound
Master 2nd ...)
- TODO: check
+ NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in
Sun ...)
- TODO: check
+ NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes
8.0 ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2008-XXXX [heap overflow in fraud2]
- fraud2 <unfixed> (bug #499899)
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
@@ -474,7 +474,7 @@
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka
MyBulletinBoard) ...)
NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2
on ...)
- TODO: check
+ NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service
(aka ...)
NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9,
allows ...)
@@ -3995,11 +3995,11 @@
CVE-2008-2471
RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in
isusweb.dll ...)
- TODO: check
+ NOT-FOR-US: InstallShield
CVE-2008-2469
RESERVED
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka
qipsrvr.exe) ...)
- TODO: check
+ NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
RESERVED
CVE-2008-2466
@@ -7268,7 +7268,7 @@
CVE-2008-1094
RESERVED
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the
...)
- TODO: check
+ NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft
Jet ...)
NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and
XP SP3, ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
