Author: jmm-guest
Date: 2006-01-12 12:23:41 +0000 (Thu, 12 Jan 2006)
New Revision: 3278

Modified: data/CVE/list

Log: xmame CVEfied the rest are NFUs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-01-12 11:49:17 UTC (rev 3277) +++ data/CVE/list 2006-01-12 12:23:41 UTC (rev 3278) 
@@ -1,74 +1,71 @@ CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0186 (Multiple SQL injection vulnerabilities in MusicBox 2.3 and earlier ...) - TODO: check + NOT-FOR-US: MusicBox CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...) - TODO: check + NOT-FOR-US: PHP-Nuke CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...) - TODO: check + NOT-FOR-US: AspTopSites CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...) - TODO: check + NOT-FOR-US: ACal Calendar Project CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...) - TODO: check + NOT-FOR-US: ACal Calendar Project CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) - TODO: check + NOT-FOR-US: Cisco CS-MARS CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...) - TODO: check + NOT-FOR-US: CaLogic Calendars CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Cisco IP Phone CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...) - TODO: check + NOT-FOR-US: Cray UNICOS CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...) - TODO: check + NOT-FOR-US: Cray UNICOS CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...) - TODO: check + - xmame <unfixed> (medium) + NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf + NOTE: question, that makes it very clear that setuid root is only for single-user + NOTE: systems and xmame-sdl and xmess aren''t setuid at all + [sarge] - xmame <no-dsa> (XMame is non-free software) CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...) 
- TODO: check + NOT-FOR-US: Web Wiz Forums CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) - TODO: check + NOT-FOR-US: Hummingbird Collaboration CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...) - TODO: check + NOT-FOR-US: Hummingbird Collaboration CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...) - TODO: check + NOT-FOR-US: Hummingbird Collaboration CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...) - TODO: check + NOT-FOR-US: OrjinWeb E-commerce CVE-2006-0170 REJECTED - TODO: check CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...) - TODO: check + NOT-FOR-US: MyPhPim CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...) - TODO: check + NOT-FOR-US: MyPhPim CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...) - TODO: check + NOT-FOR-US: MyPhPim CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...) - TODO: check + NOT-FOR-US: Symantec SystemWorks CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...) - TODO: check + NOT-FOR-US: Plain Black WebGUI CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...) - TODO: check + NOT-FOR-US: phgstats CVE-2006-0163 (SQL injection vulnerability in the search module ...) - TODO: check + NOT-FOR-US: PHPNuke CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...) - TODO: check + NOT-FOR-US: Solaris CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...) - TODO: check + NOT-FOR-US: PEARLINGER Pearl Forums CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...) - TODO: check + NOT-FOR-US: PEARLINGER Pearl Forums CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...) 
- TODO: check + NOT-FOR-US: 3CFR CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...) - TODO: check + NOT-FOR-US: HTML WikiProcessor CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...) - TODO: check + NOT-FOR-US: Antharia OnContent CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...) - TODO: check -CVE-2006-XXXX [xmame buffer overflows] - - xmame <unfixed> - NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf - NOTE: question, that makes it very clear that setuid root is only for single-user - NOTE: systems and xmame-sdl and xmess aren''t setuid at all - [sarge] - xmame <no-dsa> (XMame is non-free software) + NOT-FOR-US: HydroBB CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...) NOT-FOR-US: Venom Board CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)