Author: jmm-guest Date: 2006-05-18 16:36:27 +0000 (Thu, 18 May 2006) New Revision: 3965 Modified: data/CVE/list Log: - some updates by Alec Berryman - no-dsa for bind9-dos Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-18 15:48:10 UTC (rev 3964) +++ data/CVE/list 2006-05-18 16:36:27 UTC (rev 3965) @@ -27,6 +27,7 @@ CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: E-Business Designer CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...) + - vpopmail <not-affected> (vulnerability introduced in 5.4.14) NOTE: Unable to reach CVS to determine if prior versions are affected NOTE: Micah will return to this one CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...) 
@@ -109,25 +110,25 @@ CVE-2006-2308 RESERVED CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS allows ...) - TODO: check + NOT-FOR-US: Webiste Banker CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...) - TODO: check + NOT-FOR-US: EPublisherPro CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...) - TODO: check + NOT-FOR-US: Jadu CVE-2006-2304 (Buffer overflow in DPRPCW32.DLL in Novell Client 4.83 SP3, 4.90 SP2 ...) - TODO: check + NOT-FOR-US: Novell software for Windows CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...) - TODO: check + NOT-FOR-US: Windows ICQ client CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...) - TODO: check + NOT-FOR-US: DUGallery CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...) - TODO: check + NOT-FOR-US: OzzyWork CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...) - TODO: check + NOT-FOR-US: EImagePro CVE-2006-2299 RESERVED CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...) NOT-FOR-US: Microsoft Infotech Storage System CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...) @@ -602,7 +603,8 @@ CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...) NOT-FOR-US: Juniper Networks JUNOSe CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...) - TODO: check + - bind9 <unfixed> (low) + [sarge] - bind9 <no-dsa> (Only exploitable by trusted users after TSIG transaction) CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...) TODO: check CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...) 
@@ -2631,7 +2633,7 @@ CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...) NOT-FOR-US: Inprotect CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...) - - zoo <unfixed> (low) + - zoo <unfixed> (bug #367858; low) [sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable) CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...) NOT-FOR-US: Funkwerk X2300 @@ -3573,7 +3575,7 @@ NOT-FOR-US: SmE GB Host CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...) {DSA-991-1} - - zoo <unfixed> (bug #354461) + - zoo 2.10-17 (bug #354461) CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...) NOT-FOR-US: Intensive Point iUser Ecommerce CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...) @@ -7443,7 +7445,7 @@ {DSA-1018-1 DSA-1017-1} - linux-2.6 2.6.12-6 CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...) - - krusader <unfixed> (bug #336169; low) + - krusader 1.70.0-1 (bug #336169; low) CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...) NOT-FOR-US: 1-2-3 music store CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
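Review bot: In the "@@ -27,6 +27,7 @@" hunk, the added line "- vpopmail <not-affected> (vulnerability introduced in 5.4.14)" for CVE-2006-2346 sits directly above two unchanged NOTE lines ("Unable to reach CVS to determine if prior versions are affected" and "Micah will return to this one") that still describe the question as open. If the not-affected status is settled, remove or update those notes in the same change. If it is not settled, keep the entry open until the earlier versions have been checked.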
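Review bot: In the "@@ -109,25 +110,25 @@" hunk, the tag added for CVE-2006-2307 reads "NOT-FOR-US: Webiste Banker", but the description on the line above names the product as "Website Baker CMS". Suggest "NOT-FOR-US: Website Baker" so that a search of the list for the product name finds this entry.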
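Review bot: In the "@@ -602,7 +603,8 @@" hunk, the new "- bind9 <unfixed> (low)" line for CVE-2006-2073 carries no bug reference, while the unfixed zoo entry in the "@@ -2631,7 +2633,7 @@" hunk of this same commit gains one ("bug #367858; low"). Suggest adding the bug number in the same form once a report exists, so the unfixed status can be followed to resolution. The sarge "<no-dsa>" reason is stated and reads fine as it is.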