Author: derevko-guest
Date: 2009-08-24 07:00:54 +0000 (Mon, 24 Aug 2009)
New Revision: 12670

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-2732: ntop DoS


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-08-24 01:48:47 UTC (rev 12669)
+++ data/CVE/list       2009-08-24 07:00:54 UTC (rev 12670)
@@ -1,34 +1,34 @@
 CVE-2009-2962
        REJECTED
-       TODO: check
+       NOT-FOR-US: duplicate of CVE-2009-2692
 CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in 
DJCalendar ...)
-       TODO: check
+       NOT-FOR-US: DJCalendar
 CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast 
Yourself 2 ...)
-       TODO: check
+       NOT-FOR-US: Videos Broadcast Yourself 2
 CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft 
PHP-Lance ...)
-       TODO: check
+       NOT-FOR-US: BitmixSoft PHP-Lance
 CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in 
Pixaria ...)
-       TODO: check
+       NOT-FOR-US: Pixaria Gallery
 CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC 
Designs PHP ...)
-       TODO: check
+       NOT-FOR-US: MOC Designs PHP News
 CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 
1.2.2 ...)
-       TODO: check
+       NOT-FOR-US: Elvin
 CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 
2.0.2 ...)
-       TODO: check
+       NOT-FOR-US: Boonex Orca
 CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 
allows ...)
-       TODO: check
+       NOT-FOR-US: TheGreenBow IPSec VPN Client
 CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: ImTOO MPEG Encoder
 CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in 
logs.dll in ...)
-       TODO: check
+       NOT-FOR-US: 2K Games Vietcong
 CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift 
Delivery ...)
-       TODO: check
+       NOT-FOR-US: 2FLY Gift Delivery System
 CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero 
...)
-       TODO: check
+       NOT-FOR-US: XZero Community Classified
 CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero 
...)
-       TODO: check
+       NOT-FOR-US: XZero Community Classified
 CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 
through ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2009-2911
        RESERVED
 CVE-2009-2910
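Review bot: In the first changed entry, CVE-2009-2962 is already marked REJECTED, and the new line `NOT-FOR-US: duplicate of CVE-2009-2692` puts a reason where every other NOT-FOR-US line in this hunk puts a product name. A duplicate is a different statement from "software not in the archive"; consider leaving the entry as REJECTED only, or recording the relation as `NOTE: duplicate of CVE-2009-2692`. Also check the spelling `XZero Community Classified` on CVE-2009-2914 and CVE-2009-2913 against `XZero Community Classifieds`, which this patch uses for CVE-2009-2893.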
@@ -60,37 +60,37 @@
 CVE-2009-2897
        RESERVED
 CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: KMPlayer: http://www.kmplayer.com
 CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow 
Affiliate ...)
-       TODO: check
+       NOT-FOR-US: Ultimate Regnow Affiliate
 CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Ebay Clone 2009
 CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in 
index.php in ...)
-       TODO: check
+       NOT-FOR-US: XZero Community Classifieds
 CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in 
Scripteen Free ...)
-       TODO: check
+       NOT-FOR-US: Scripteen Free Image Hosting Script
 CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now 
Riddles ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP 
Scripts ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP 
Scripts ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now Riddles 
 CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now 
Hangman ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now Hangman
 CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP 
Scripts ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now President Bios 
 CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now 
President ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now President
 CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now 
World's ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now World's
 CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP 
Scripts ...)
-       TODO: check
+       NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
 CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 
4.0, ...)
-       TODO: check
+       NOT-FOR-US: SaphpLesson
 CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG 
MatchMaking ...)
-       TODO: check
+       NOT-FOR-US: PG MatchMaking
 CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: Basilic
 CVE-2009-XXXX [BackupPC ClientNameAlias ssh rsync backup security bypass]
        - backuppc <unfixed> (low; bug #542218)
        NOTE: no-dsa candidate
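Review bot: The product names added for CVE-2009-2886 and CVE-2009-2885 (`PHP Scripts Now President`, `PHP Scripts Now World's`) look cut off at the same point as the truncated descriptions, while the sibling entries CVE-2009-2887 and CVE-2009-2884 spell them out as `PHP Scripts Now President Bios` and `PHP Scripts Now World's Tallest Buildings`. Use the full name on both so that a search for the product finds every entry. Minor: the added lines for CVE-2009-2891, CVE-2009-2890, CVE-2009-2889 and CVE-2009-2887 carry trailing whitespace, and the KMPlayer line is the only one with a URL appended to the product name.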
@@ -600,7 +600,8 @@
 CVE-2009-2733
        RESERVED
 CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and 
earlier ...)
-       TODO: check
+       - ntop <unfixed> (low; bug #543312)
+       NOTE: no-dsa candidate
 CVE-2009-2731
        RESERVED
 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a 
'\0' ...)
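Review bot: The `NOTE: no-dsa candidate` added under CVE-2009-2732 gives no reason, and the only hint at the impact is the word DoS in the commit log. State the rationale in the note itself, consistent with the `low` urgency on the package line, so that whoever makes the no-dsa decision does not have to reopen bug #543312 to reconstruct it.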
@@ -7650,7 +7651,7 @@
 CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
        - acidbase 1.2.1-1
 CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 
3.1(16), 3.2 ...)
-       TODO: check
+       NOT-FOR-US: Cisco Firewall Services Module
 CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based 
CLI ...)
        NOT-FOR-US: Cisco IOS
 CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when 
SIP ...)
@@ -22782,7 +22783,6 @@
        NOTE: The blog has to provide user accounts
        NOTE: A crafted XML-RPC request referring to a valid user can exploit 
this
        TODO: check if packages embedding xmlrpc share this code
-       TODO: DSA-1601-1 introduced a regression in the etch version (#491846). 
That patch should be removed in the next DSA.
 CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in 
tkImgGIF.c in ...)
        {DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
        - tk8.5 8.5.0-3
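Review bot: The removal of the `TODO: DSA-1601-1 introduced a regression in the etch version (#491846)` line is not mentioned in the commit log, which lists only the NFUs and the ntop entry, and nothing in the hunk records that the follow-up it asks for has happened. If the regression patch has been dropped in a later DSA, say so in the log or replace the TODO with a NOTE naming that DSA; if it has not, the TODO should stay.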


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
