Author: enerv-guest Date: 2007-01-27 21:33:33 +0100 (Sat, 27 Jan 2007) New Revision: 5359 Modified: data/CVE/list Log: some NFUs. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-27 20:11:54 UTC (rev 5358) +++ data/CVE/list 2007-01-27 20:33:33 UTC (rev 5359) @@ -618,15 +618,15 @@ CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...) - ed 0.2-19 CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...) - TODO: check + NOT-FOR-US: NitroTech CMS CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...) NOT-FOR-US: ASP Photo Gallery CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...) NOT-FOR-US: ASP Photo Gallery CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...) - TODO: check + NOT-FOR:US: Portix CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...) - TODO: check + NOT-FOR-US: Portix CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...) NOT-FOR-US: Easy Chat Server CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...) 
@@ -643,15 +643,15 @@ CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...) NOT-FOR-US: Rialto CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...) - TODO: check + NOT-FOR-US: eXtremail CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...) - TODO: check + NOT-FOR-US: bitweaver CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: bitweaver CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...) - TODO: check + NOT-FOR-US: bitweaver CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...) - TODO: check + NOT-FOR-US: Deadlock CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...) - linux-2.6 <unfixed> (low) CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...) @@ -936,12 +936,12 @@ CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...) NOT-FOR-US: ConeXware PowerArchive CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...) - TODO: check + NOT-FOR-US: Carbon Communities CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...) - phpmyadmin <unfixed> (bug #399329; unimportant) NOTE: Only path disclosure CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: Sven Moderow GuestBook CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...) TODO: check CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...) 
@@ -1011,11 +1011,11 @@ CVE-2007-0060 RESERVED CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...) - TODO: check + NOT-FOR-US: Apple Quicktime CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...) TODO: check CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...) @@ -1027,7 +1027,7 @@ CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...) TODO: check CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and possibly ...) - TODO: check + NOT-FOR-US: Apple iPhoto CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...) TODO: check CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...)
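Review bot: in the @@ -618 hunk, the new line for CVE-2006-6935 reads "NOT-FOR:US: Portix", with a colon where the tag has a hyphen. The CVE-2006-6934 entry directly below it uses "NOT-FOR-US: Portix". A grep or script that matches the literal "NOT-FOR-US:" tag would skip this entry and leave CVE-2006-6935 looking untriaged, so the line should read "NOT-FOR-US: Portix".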
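Review bot: in the @@ -643 hunk, CVE-2006-6922 is tagged "NOT-FOR-US: Deadlock", which shortens the product named in the description, "Deadlock User Management System". The short form is easy to misread as a bug class rather than a product name when scanning the list. Writing "NOT-FOR-US: Deadlock User Management System" would keep the entry unambiguous.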
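Review bot: in the @@ -1011 hunk, CVE-2007-0058 and CVE-2007-0057 are tagged "NOT-FOR-US: Cisco", which names only the vendor. The other entries in this commit name the product, for example "NOT-FOR-US: Apple Quicktime" in the same hunk. "NOT-FOR-US: Cisco Clean Access" would match the CVE descriptions and keep the entries searchable by product.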