Author: thomasbl-guest
Date: 2008-08-14 18:36:54 +0000 (Thu, 14 Aug 2008)
New Revision: 9576
Modified:
data/CVE/list
Log:
finished all "NOT-FOR-US"-tagging from the new "TODO: check"-tags
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-14 17:16:34 UTC (rev 9575)
+++ data/CVE/list 2008-08-14 18:36:54 UTC (rev 9576)
@@ -236,19 +236,19 @@
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum
4.1.43 ...)
TODO: check
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1
allows ...)
- TODO: check
+ NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd
edition ...)
- TODO: check
+ NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd
edition ...)
- TODO: check
+ NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro
...)
TODO: check
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows
remote ...)
- TODO: check
+ NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np
API in ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with
firmware ...)
- TODO: check
+ NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545
RESERVED
CVE-2008-3544
@@ -308,41 +308,41 @@
CVE-2008-3517
RESERVED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files
generated ...)
- TODO: check
+ NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files
generated ...)
- TODO: check
+ NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before
Update 2 ...)
- TODO: check
+ NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for
...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for
PHP-Nuke ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz
Image ...)
- TODO: check
+ NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in
Crafty ...)
- TODO: check
+ NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication
for (1) ...)
- TODO: check
+ NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows
remote ...)
- TODO: check
+ NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka
01), and ...)
- TODO: check
+ NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2
and ...)
- TODO: check
+ NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM)
before 2.3 ...)
- TODO: check
+ NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not
restrict ...)
- TODO: check
+ NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0
through ...)
- TODO: check
+ NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess
simple ...)
- TODO: check
+ NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms
module ...)
TODO: check
CVE-2008-3499 (Unspecified vulnerability in "a page in the workarea
folder" in Ektron ...)
- TODO: check
+ NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice)
component ...)
TODO: check
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1
allows ...)
@@ -350,27 +350,27 @@
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the
uvc_parse_format ...)
TODO: check
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal
allows ...)
- TODO: check
+ NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to
bypass ...)
- TODO: check
+ NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote
VNC ...)
- TODO: check
+ NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and
earlier ...)
- TODO: check
+ NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1
and ...)
- TODO: check
+ NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz
Online ...)
- TODO: check
+ NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
- TODO: check
+ NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1
(2.7.1) ...)
- TODO: check
+ NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL
Enhanced ...)
TODO: check
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile
function in ...)
- TODO: check
+ NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame
Presentation ...)
- TODO: check
+ NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL
...)
- pidgin <unfixed> (bug #492434)
- gaim 1:2.0.0+fake.1
@@ -428,7 +428,7 @@
CVE-2008-3461
RESERVED
CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through
2.1-rc8, when ...)
- openvpn 2.1~rc9-1 (low; bug #493488)
NOTE: pull/push needs to be allowed, successful authentication,
compromised or malicious server
@@ -1054,7 +1054,7 @@
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the
...)
NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA
Host-Based ...)
- TODO: check
+ NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific
top-level ...)
@@ -1418,13 +1418,13 @@
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack;
and Works ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office
Converter ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
RESERVED
CVE-2008-3016
@@ -1448,13 +1448,13 @@
CVE-2008-3007
RESERVED
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3,
and 2007 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004
and 2008 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and
SP3; ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly
delete the ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
RESERVED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows
remote ...)
@@ -1593,7 +1593,7 @@
CVE-2008-2928
RESERVED
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention
System ...)
- TODO: check
+ NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows
remote ...)
NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8
allows ...)
@@ -3131,17 +3131,17 @@
CVE-2008-2260
RESERVED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper
"argument ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly
handle ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses
uninitialized ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253
RESERVED
CVE-2008-2252
@@ -3157,9 +3157,9 @@
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access
(OWA) ...)
NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not
properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color
Management ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to
execute ...)
NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
@@ -4997,11 +4997,11 @@
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in
CS-Cart 1.3.2 ...)
NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3,
Server ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft
Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A "memory calculation error" in Microsoft Office
PowerPoint 2000 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4,
Server ...)
NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and
Vista ...)
@@ -5015,7 +5015,7 @@
CVE-2008-1449
RESERVED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook
Express ...)
- TODO: check
+ NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
- bind9 1:9.5.0.dfsg-5 (high)
@@ -6223,9 +6223,9 @@
CVE-2008-0966
RESERVED
CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10
and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10
and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor
6.20.060 ...)
NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC
...)
@@ -8236,9 +8236,9 @@
NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint
Viewer 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (A "memory allocation error" in Microsoft PowerPoint
Viewer 2003 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000
and XP ...)
NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3,
2003 ...)
@@ -8334,7 +8334,7 @@
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll)
...)
NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows
Messenger 4.7 ...)
- TODO: check
+ NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in
Microsoft ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
