Author: jmm-guest Date: 2006-02-18 12:55:28 +0000 (Sat, 18 Feb 2006) New Revision: 3506 Modified: data/CVE/list Log: postgres fixed unimportant postgres issues new firefox issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-17 20:19:47 UTC (rev 3505) +++ data/CVE/list 2006-02-18 12:55:28 UTC (rev 3506) @@ -81,7 +81,6 @@ TODO: check CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...) TODO: check -begin claimed by jmm CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...) TODO: check CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...) 
@@ -93,50 +92,53 @@ CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...) TODO: check CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...) - TODO: check + NOT-FOR-US: TTS Time Tracking Software CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...) - TODO: check + NOT-FOR-US: TTS Time Tracking Software CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...) - TODO: check + NOT-FOR-US: TTS Time Tracking Software CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...) - TODO: check + NOT-FOR-US: nicecoder.com indexu CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...) - TODO: check + NOT-FOR-US: DocMGR CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...) - TODO: check + NOT-FOR-US: Virtual Hosting Control System CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...) - TODO: check + NOT-FOR-US: e107 CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...) TODO: check CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) - TODO: check + NOT-FOR-US: WebGUI CVE-2006-0679 RESERVED CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) 
- TODO: check + NOTE: Only vulnerable when compiled with asserts + - postgresql <unfixed> (unimportant) + - postgresql-8.0 8.0.7-1 (unimportant) + - postgresql-8.1 8.1.3-1 (unimportant) CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...) - TODO: check + NOT-FOR-US: D-Link hardware CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: tmsPUBLISHER CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...) - TODO: check + NOT-FOR-US: tmsPUBLISHER CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...) - TODO: check + - mozilla-firefox <unfixed> + - firefox <unfixed> CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...) - TODO: check + NOT-FOR-US: Sysbotz Systems Panel CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Opera CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Hitachi TP1 CVE-2006-XXXX [honeyd info leak] - honeyd <unfixed> (bug filed) CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...) @@ -424,7 +426,7 @@ CVE-2006-0554 RESERVED CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...) - TODO: check + - postgresql-8.1 8.1.3-1 CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...) NOT-FOR-US: Oracle CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
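Review bot: In the first hunk (@@ -81,7 +81,6 @@), the "begin claimed by jmm" marker is dropped, and the matching "end claimed by jmm" goes in the second hunk, yet several entries inside the formerly claimed range still read "TODO: check" (CVE-2006-0696, CVE-2006-0695, CVE-2006-0692, CVE-2006-0681). The log message lists the postgres, firefox and NFU work but does not say the claim is being released with entries untriaged. Either triage those four in this commit or add a line to the log so the next person knows they are back in the open pool.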
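Review bot: In the second hunk (@@ -93,50 +92,53 @@), the CVE-2005-4720 entry marks both mozilla-firefox and firefox as <unfixed> with no urgency and no bug reference, whereas the honeyd entry a few lines below carries "(bug filed)". Add the bug status or an urgency so the open Firefox issue is not left as a bare <unfixed>. In the same hunk, the CVE-2006-0678 description names 7.3.x and 7.4.x as well as 8.0.x, while the entries cover postgresql, postgresql-8.0 and postgresql-8.1; a short NOTE stating that the unversioned postgresql entry is the one covering the 7.x branches would make that explicit. The NOT-FOR-US label for CVE-2006-0688 ("nicecoder.com indexu") also uses a vendor domain where the neighbouring entries use just the product name.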
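Review bot: In the third hunk (@@ -424,7 +426,7 @@), CVE-2006-0553 gets only "- postgresql-8.1 8.1.3-1", with nothing recorded for postgresql or postgresql-8.0, although both are listed for CVE-2006-0678 in the previous hunk. The description limits the issue to 8.1.0 through 8.1.2, so the omission is probably intentional, but stating in the entry that the other PostgreSQL packages are not affected would keep a later reader from treating them as unchecked. Unlike the CVE-2006-0678 entries, this one carries no urgency either; if the default is intended for an issue reachable by authenticated database users, that is fine, otherwise set it here.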