Author: stef-guest Date: 2006-04-19 17:57:42 +0000 (Wed, 19 Apr 2006) New Revision: 3831 Modified: data/CVE/list Log: some more NFUs; bugnum Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-19 17:26:00 UTC (rev 3830) +++ data/CVE/list 2006-04-19 17:57:42 UTC (rev 3831) @@ -619,7 +619,7 @@ CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...) NOT-FOR-US: Microsoft Windows Help CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...) - - acidbase <unfixed> (bug filed) + - acidbase <unfixed> (bug #363548) - acidlab <unfixed> (bug filed) CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...) NOT-FOR-US: NetBSD kernel @@ -712,7 +712,7 @@ CVE-2006-1552 (ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to ...) NOT-FOR-US: Apple CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...) - TODO: check + NOT-FOR-US: PAJAX CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...) - php4 <unfixed> (bug #361854) - php5 <unfixed> (bug #361917) @@ -1022,9 +1022,9 @@ CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy''s PHP ...) NOT-FOR-US: aphpkb CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: UPOINT CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...) - TODO: check + NOT-FOR-US: UPOINT CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...) NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...) 
@@ -2342,6 +2342,7 @@ - mantis <unfixed> CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...) TODO: check + NOTE: frag3 is only in 2.4, currently there is 2.3.3 in sid CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...) NOT-FOR-US: Tivoli CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) 
@@ -2349,35 +2350,35 @@ CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-complicit attackers to cause an ...) - mozilla-thunderbird <unfixed> CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) - TODO: check + NOT-FOR-US: MitriDAT Web Calendar CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...) - TODO: check + NOT-FOR-US: Uniden UIP1868P VoIP Telephone CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...) - TODO: check + NOT-FOR-US: Barracuda Directory CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...) - TODO: check + NOT-FOR-US: WPC.easy CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...) - TODO: check + NOT-FOR-US: Tasarim Rehberi CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...) NOT-FOR-US: Microsoft CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...) - TODO: check + NOT-FOR-US: E-Blah Platinum CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) - TODO: check + NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...) - TODO: check + NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...) - TODO: check + NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...) - TODO: check + NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...) - TODO: check + NOT-FOR-US: Geeklog CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...) 
- TODO: check + NOT-FOR-US: Geeklog CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...) - TODO: check + NOT-FOR-US: EmuLinker Kaillera Server CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...) - TODO: check + NOT-FOR-US: BXCP CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...) TODO: check CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...)
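Review bot: In the @@ -619,7 +619,7 @@ hunk, under CVE-2006-1590, the acidlab line directly below the changed acidbase line still reads "(bug filed)" with no number. If a separate bug was filed against acidlab, record its number in the same form as "(bug #363548)" so both package entries can be followed up. If #363548 covers both packages, say so on the acidlab line.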
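Review bot: In the @@ -1022,9 +1022,9 @@ hunk, CVE-2006-1437 and CVE-2006-1436 are labelled "NOT-FOR-US: UPOINT", which gives only the vendor, while both descriptions name the product as "UPOINT @1 Event Publisher". The unchanged CVE-2006-1435 entry just below ("different from debian aria") shows why the full product name matters when someone later greps the list for a package name. Suggest "NOT-FOR-US: UPOINT @1 Event Publisher" on both lines.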
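Review bot: In the @@ -2342,6 +2342,7 @@ hunk, CVE-2006-0839 gains a NOTE with the triage finding (frag3 is only in 2.4, sid has 2.3.3), but the entry keeps "TODO: check" and has no package line, so it still counts as untriaged. Either replace the TODO with a snort package entry that records the version in sid as lacking frag3, or extend the NOTE to say what remains to be checked. The NOTE should also name the snort package explicitly. Since the statement depends on the version, it needs revisiting once a 2.4 upload reaches sid.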
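Review bot: In the @@ -2349,35 +2350,35 @@ hunk, the trailing entry CVE-2006-0820 (Dwarf HTTP Server 1.3.2) is left at "TODO: check" although every TODO from CVE-2006-0835 down to CVE-2006-0821 is resolved in this pass, and the log message does not say why it was skipped. If it was checked and is still unclear, add a NOTE saying so; otherwise triage it together with CVE-2006-0819, which concerns the same product. A smaller point in the same hunk: the label for CVE-2006-0834 reads "Uniden UIP1868P VoIP Telephone" and drops the "and Router" part of the product name given in the description.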