Author: alec-guest
Date: 2006-05-20 13:17:58 +0000 (Sat, 20 May 2006)
New Revision: 4000

Modified:
   data/CVE/list
Log:
* dia is vulnerable (low)
* NFUs (it's a good day not to be BEA)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-20 13:03:00 UTC (rev 3999) +++ data/CVE/list 2006-05-20 13:17:58 UTC (rev 4000) 
@@ -24,49 +24,50 @@ CVE-2006-2481 RESERVED CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-complicit ...) - TODO: check + NOTE: will file a bug when I finish testing the patch - alec + - dia <unfixed> (low) CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...) - TODO: check + NOT-FOR-US: Bitrix CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...) - TODO: check + NOT-FOR-US: Bitrix CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...) - TODO: check + NOT-FOR-US: Bitrix CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...) - TODO: check + NOT-FOR-US: Bitrix CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...) - TODO: check + NOT-FOR-US: Cosmoshop CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...) - TODO: check + NOT-FOR-US: Cosmoshop CVE-2006-2473 (Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 ...) - TODO: check + NOT-FOR-US: OpenWiki CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...) 
- TODO: check + NOT-FOR-US: BEA CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) TODO: check CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: SelectaPix CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...) - TODO: check + NOT-FOR-US: BEA CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...) - libextractor 0.5.14-1 CVE-2006-2457
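Review bot: The CVE-2006-2480 entry now reads "- dia <unfixed> (low)" with no bug reference, only the NOTE "will file a bug when I finish testing the patch", so nothing ties the unfixed status to a tracked report. Once the bug is filed, add its number to the dia line and drop the NOTE, otherwise the entry depends on someone remembering to follow up. In the same hunk, CVE-2006-2465 (MP3Info buffer overflow) is the only entry left at "TODO: check" while every neighbour was triaged. If that was deliberate, a short NOTE saying who is looking at it would avoid duplicate work. Minor style point: the NOT-FOR-US tags mix vendor names ("BEA", "Bitrix") with product names ("Cosmoshop", "SelectaPix", "PHP-Fusion"). Picking one convention makes later searches of the list more reliable.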