Author: stef-guest
Date: 2006-09-21 21:57:25 +0000 (Thu, 21 Sep 2006)
New Revision: 4755
Modified: data/CVE/list
Log: some NFUs, one moodle issue already fixed
Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-09-21 21:36:36 UTC (rev 4754) +++ data/CVE/list 2006-09-21 21:57:25 UTC (rev 4755) 
@@ -1,43 +1,43 @@ CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...) - TODO: check + NOT-FOR-US: eSyndiCat Portal System CVE-2006-4922 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: Site@School CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...) - TODO: check + NOT-FOR-US: Site@School CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...) - TODO: check + NOT-FOR-US: Site@School CVE-2006-4919 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: Site@School CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) - TODO: check + NOT-FOR-US: Simple Discussion Board CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...) - TODO: check + NOT-FOR-US: PT News CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...) - TODO: check + NOT-FOR-US: Tekman Portal CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...) - TODO: check + NOT-FOR-US: Innovate Portal CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...) - TODO: check + NOT-FOR-US: A.l-Pifou CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...) - TODO: check + NOT-FOR-US: AlstraSoft E-friends CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...) - TODO: check + NOT-FOR-US: PHP DocWriter CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) 
- TODO: check + NOT-FOR-US: OSU CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: OSU CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...) - TODO: check + NOT-FOR-US: More.groupware CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...) - TODO: check + NOT-FOR-US: Artmedic Links CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...) - TODO: check + NOT-FOR-US: X-Cart CVE-2006-4903 RESERVED CVE-2006-4902 
@@ -49,100 +49,100 @@ CVE-2006-4899 RESERVED CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...) - TODO: check + NOT-FOR-US: guanxiCRM CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...) - TODO: check + NOT-FOR-US: CMtextS CVE-2006-4896 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1+, and ...) - TODO: check + - moodle 1.6.2-1 (bug #387177) CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: IDevSpot NexieAffiliate CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...) - TODO: check + NOT-FOR-US: IDevSpot NexieAffiliate CVE-2006-4893 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: phpBB XS CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...) - TODO: check + NOT-FOR-US: Techno Dreams FAQ CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...) - TODO: check + NOT-FOR-US: Techno Dreams CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...) - TODO: check + NOT-FOR-US: UNAK-CMS CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...) - TODO: check + NOT-FOR-US: Telekorn SignKorn Guestbook CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...) - TODO: check + NOT-FOR-US: Apple CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...) - TODO: check + NOT-FOR-US: McAfee CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...) - TODO: check + NOT-FOR-US: Shadowed Portal CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) 
- TODO: check + NOT-FOR-US: IDevSpot iSupport CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...) - TODO: check + NOT-FOR-US: IDevSpot BizDirectory CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...) - TODO: check + NOT-FOR-US: Cart 3 CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...) - TODO: check + NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...) - TODO: check + NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...) - TODO: check + NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...) - TODO: check + NOT-FOR-US: PHP-Post (PHPp) CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2006-4875 (Unrestricted file upload vulnerability in ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...) - TODO: check + NOT-FOR-US: ECardPro CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...) - TODO: check + NOT-FOR-US: EShoppingPro CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...) - TODO: check + NOT-FOR-US: AEDating CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...) 
- TODO: check + NOT-FOR-US: phpunity.postcard CVE-2006-4868 (Stack-based buffer overflow in Microsoft Internet Explorer 6.0 on ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...) - TODO: check + NOT-FOR-US: GNUTurk CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...) - TODO: check + NOT-FOR-US: Apple CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: PhpQuiz CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...) - TODO: check + NOT-FOR-US: ReviewPost CVE-2006-4863 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: mcLinksCounter CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...) - TODO: check + NOT-FOR-US: easypage CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...) - TODO: check + NOT-FOR-US: Complain Center CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...) - TODO: check + NOT-FOR-US: Limbo CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...) - TODO: check + NOT-FOR-US: Limbo CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...) - TODO: check + NOT-FOR-US: Serverstat (com_serverstat) component for Mambo CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...) - TODO: check + NOT-FOR-US: ClickBlog CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...) - TODO: check + NOT-FOR-US: WebLogger CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...) - TODO: check + NOT-FOR-US: Symantec CVE-2006-4854 REJECTED - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...) 
- TODO: check + NOT-FOR-US: Haberx CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...) - TODO: check + NOT-FOR-US: QuadComm Q-Shop CVE-2006-4851 (PHP remote file inclusion vulnerability in ...) TODO: check CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
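
Review bot: In the first hunk (@@ -1,43 +1,43 @@), CVE-2006-4911, CVE-2006-4910 and CVE-2006-4909 are tagged with the vendor only (`NOT-FOR-US: Cisco`), while the other entries in the hunk name the affected product (for example `NOT-FOR-US: PHP DocWriter` or `NOT-FOR-US: Simple Discussion Board`). The descriptions already give the products (Cisco IPS, Cisco IDS, Cisco Guard DDoS), so tagging with those, e.g. `NOT-FOR-US: Cisco IPS`, would keep the three entries distinguishable and searchable by product name, consistent with their neighbours.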
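
Review bot: In the second hunk (@@ -49,100 +49,100 @@), CVE-2006-4854 is marked REJECTED yet has its `TODO: check` replaced by `NOT-FOR-US: Microsoft`; a rejected id carries no description to triage against, and nothing in the visible entry ties it to Microsoft. Removing the `TODO: check` line without a replacement would be enough here, or the commit log should say where the vendor attribution comes from. Two smaller naming points in the same hunk: CVE-2006-4882 is tagged `Cart 3` although its description reads "Julian Roberts Charon ...", and the adjacent CVE-2006-4892 and CVE-2006-4891 are tagged `Techno Dreams FAQ` and `Techno Dreams` respectively; using the full product name in each case makes later lookups less ambiguous.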