Author: jmm-guest
Date: 2006-01-04 13:13:38 +0000 (Wed, 04 Jan 2006)
New Revision: 3225

Modified:
   data/CVE/list
Log:
processed block: three not-affected the rest are NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-01-04 12:34:33 UTC (rev 3224)
+++ data/CVE/list 2006-01-04 13:13:38 UTC (rev 3225)
@@ -6,65 +6,64 @@ NOT-FOR-US: vBulletin CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...) NOT-FOR-US: ScozNet -begin claimed by jmm CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...) - TODO: check + NOT-FOR-US: B-Net Software CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...) NOT-FOR-US: File::ExtAttr TODO: check for further uploads. CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...) - TODO: check + NOT-FOR-US: oaBoard CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...) - TODO: check + NOT-FOR-US: phpBook CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...) - TODO: check + NOT-FOR-US: PHPenpals CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...) - TODO: check + NOT-FOR-US: DiscusWare Discus CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...) - TODO: check + NOT-FOR-US: SCO Openserver CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...) - TODO: check + - pinentry <not-affected> (Gentoo-specific packaging flaw) CVE-2006-0070 (** DISPUTED ** ...) - TODO: check + - drupal <not-affected> (According to upstream advisory is junk, behaviour intentional) + NOTE: This will probably be REJECTED anyway CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...) - TODO: check + NOT-FOR-US: Chipmunk Guestbook CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: Primo Cart CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...) - TODO: check + NOT-FOR-US: VEGO Links Builder CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...) 
- TODO: check + NOT-FOR-US: PHPjournaler CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...) - TODO: check + NOT-FOR-US: VEGO Web Forum CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-0063 RESERVED CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...) - TODO: check + NOT-FOR-US: cSupport CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...) - TODO: check + NOT-FOR-US: iSupport CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...) - TODO: check + NOT-FOR-US: DapperDesk CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...) - TODO: check + NOT-FOR-US: digiSHOP CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...) - TODO: check + NOT-FOR-US: VUBB alpha CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...) - TODO: check + NOT-FOR-US: VUBB alpha CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...) - TODO: check + NOT-FOR-US: Free ClickBank CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...) - TODO: check + - dopewars <not-affected> (According to upstream Windows-specific) CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: BugPort CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...) - TODO: check + NOT-FOR-US: BugPort CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...) - TODO: check + NOT-FOR-US: BugPort CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...) 
- TODO: check -end claimed by jmm + NOT-FOR-US: Web Wiz CVE-2006-XXXX [libmail-audit-perl: insecure /tmp handling] - libmail-audit-perl <unfixed> (bug #344029) CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
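Review bot: the two not-affected entries that rest on upstream's word, `- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)` for CVE-2006-0070 and `- dopewars <not-affected> (According to upstream Windows-specific)` for CVE-2005-4610, carry no pointer to the upstream statement, so a later reader cannot recheck the call. A NOTE line naming the source under each would fix that; it matters most for CVE-2006-0070, where the entry is marked DISPUTED and the added NOTE only predicts a REJECT. Smaller style points in the same hunk: the NOT-FOR-US labels do not always match the product name in the description (`SCO Openserver` against `SCO OpenServer`, `B-Net Software` against `B-net Software`), and `VUBB alpha` for CVE-2005-4613 and CVE-2005-4612 appears to fold part of the `alpha rc1` version string into the product name.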