Author: jmm-guest Date: 2006-04-04 15:38:09 +0000 (Tue, 04 Apr 2006) New Revision: 3747 Modified: data/CVE/list Log: bsdgames not-affected NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-04 15:05:13 UTC (rev 3746) +++ data/CVE/list 2006-04-04 15:38:09 UTC (rev 3747) 
@@ -119,36 +119,34 @@ - libstruts1.2-java <unfixed> (bug #360551) CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...) - libstruts1.2-java <unfixed> (bug #360551) -begin claimed by jmm CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...) - TODO: check + NOT-FOR-US: VNews CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...) - TODO: check + NOT-FOR-US: VNews CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...) - TODO: check + NOT-FOR-US: VNews CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...) - TODO: check + TODO: check further CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...) - TODO: check + NOT-FOR-US: EzASPSite CVE-2006-1540 (Microsoft Office 2002 (aka Office XP) allows user-complicit attackers ...) NOT-FOR-US: Microsoft CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...) - TODO: check + - bsdgames <not-affected> (Gentoo specific flaw) CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...) - TODO: check + NOT-FOR-US: Enova X-Wall ASIC CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Craig Knudsen WebCalendar CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...) - TODO: check + NOT-FOR-US: Phoetux.net PhxContacts CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...) - TODO: check + NOT-FOR-US: Phoetux.net PhxContacts CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...) - TODO: check + NOT-FOR-US: Null news CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...) - TODO: check + NOT-FOR-US: Sourceworkshop newsletter CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...) 
- TODO: check -end claimed by jmm + NOT-FOR-US: PHP Classifieds CVE-2006-1531 RESERVED CVE-2006-1530 @@ -193,6 +191,7 @@ NOT-FOR-US: Microsoft CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...) NOT-FOR-US: Microsoft +begin claimed by jmm CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...) TODO: check CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...) @@ -231,6 +230,7 @@ TODO: check CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...) TODO: check +end claimed by jmm CVE-2006-XXXX [unixodbc rpath set to /home] - unixodbc 2.2.11-11 (bug #358142; low) [sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
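Review bot: In the hunk at `@@ -119,36 +119,34 @@`, CVE-2006-1542 (stack-based buffer overflow in Python 2.4.2 and earlier) only moves from `TODO: check` to `TODO: check further`, while the `begin claimed by jmm` / `end claimed by jmm` markers around the block are removed. The entry therefore stays open with no owner and no record of what was already looked at. Add a short comment under it saying what has been ruled out and what remains, or keep the claim on that one entry. Separately, CVE-2006-1543 is tagged `NOT-FOR-US: VNews`, but its visible description names "vscripts (aka Kuba ...)". Confirm against the full description that the product label matches.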
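Review bot: The hunks at `@@ -193,6 +191,7 @@` and `@@ -231,6 +230,7 @@` add `begin claimed by jmm` above CVE-2006-1509 and `end claimed by jmm` below CVE-2005-4748, but the log message ("bsdgames not-affected NFUs") says nothing about claiming a new block. Mention the claim in the log so that someone scanning the commit history can see the range is taken. The placement of the end marker above the already-triaged `CVE-2006-XXXX [unixodbc rpath set to /home]` entry looks correct.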