Author: stef-guest
Date: 2006-08-20 08:56:39 +0000 (Sun, 20 Aug 2006)
New Revision: 4603
Modified: data/CVE/list
Log:
- rails CVEified
- new lesstif issue (low)
- some NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-08-19 11:14:40 UTC (rev 4602)
+++ data/CVE/list 2006-08-20 08:56:39 UTC (rev 4603)
@@ -105,65 +105,65 @@ CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...) NOT-FOR-US: Virtual War (VWar) CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor 5.3.2.609 ...) - TODO: check + NOT-FOR-US: IPCheck Server Monitor CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...) NOT-FOR-US: Solaris CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...) NOT-FOR-US: IBM WebSphere CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere CVE-2006-4135 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Calendarix CVE-2006-4134 (Unspecified vulnerability related to a "design flaw" in SAP Internet ...) - TODO: check + NOT-FOR-US: SAP CVE-2006-4133 (Buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and ...) - TODO: check + NOT-FOR-US: SAP CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...) - TODO: check + NOT-FOR-US: ArcSoft MMS Composer CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...) - TODO: check + NOT-FOR-US: ArcSoft MMS Composer CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...) - TODO: check + NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla! CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...) - TODO: check + NOT-FOR-US: Webring Component (com_webring) for Joomla! CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...) NOT-FOR-US: Symantec VERITAS CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...) 
- TODO: check + NOT-FOR-US: DConnect Daemon (dcd) CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...) - TODO: check + NOT-FOR-US: DConnect Daemon (dcd) CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...) - TODO: check + NOT-FOR-US: DConnect Daemon (dcd) CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...) - TODO: check + - lesstif2 <unfixed> (bug #382411; low) CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...) - TODO: check + NOT-FOR-US: Boite de News CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: Simple one-file guestbook CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...) - TODO: check + NOT-FOR-US: See-Commerce CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...) - TODO: check + NOT-FOR-US: Recipe module (recipe.module) for Drupal CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...) - TODO: check + NOT-FOR-US: GeheimChaos CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...) - TODO: check + NOT-FOR-US: GeheimChaos CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...) NOT-FOR-US: Solaris CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...) - TODO: check + NOT-FOR-US: Lhaz CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...) - TODO: check + NOT-FOR-US: PgMarket CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...) - TODO: check + NOT-FOR-US: PHPMyRing CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...) - TODO: check + NOT-FOR-US: hitweb CVE-2006-4112 (Unspecified vulnerability in the "dependency resolution mechanism" in ...) 
- TODO: check + - rails 1.1.6-1 (bug #382255; medium) CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...) - TODO: check + - rails 1.1.5-1 (bug #382255; medium) CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...) NOT-FOR-US: Apache on Windows only CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...) @@ -177,7 +177,7 @@ CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...) TODO: check CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) - TODO: check + NOT-FOR-US: mojoGallery CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...) TODO: check CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...) @@ -256,8 +256,6 @@ - gnutls11 <unfixed> (medium) - gnutls12 1.2.11-3 (medium) - gnutls13 1.4.2-1 (medium) -CVE-2006-XXXX [unspecified vulnerability in ruby on rails] - - rails 1.1.6-1 (bug #382255; medium) CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...) NOT-FOR-US: Microsoft CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
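Review bot: In the first hunk (@@ -105,65 +105,65 @@), CVE-2006-4124 is tracked against a single source package, "- lesstif2 <unfixed> (bug #382411; low)", although the description blames the libXm library in LessTif 0.95.0 and earlier in general. If any other source package in the archive ships that libXm, it needs its own line, the way the gnutls11, gnutls12 and gnutls13 context lines in the last hunk each carry one. If lesstif2 is the only one, saying so in the log would save the next reader the same check.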
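Review bot: In the last hunk (@@ -256,8 +256,6 @@), the removed CVE-2006-XXXX placeholder recorded one fixed version, rails 1.1.6-1, but the two entries that replace it in the first hunk differ: CVE-2006-4112 keeps 1.1.6-1 while CVE-2006-4111 is marked fixed in 1.1.5-1, both under bug #382255. The 1.1.5-1 value agrees with the "before 1.1.5" wording of that description, but it is new relative to the placeholder, so please confirm that a 1.1.5-1 upload exists; if it does not, the entry should probably carry 1.1.6-1 as well. Naming both CVE ids in the log instead of "rails CVEified" would also make the placeholder's successors easy to find later.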