Author: joeyh Date: 2006-01-21 20:23:51 +0000 (Sat, 21 Jan 2006) New Revision: 3332 Modified: data/CVE/list Log: processed recent TODOs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-20 21:14:21 UTC (rev 3331) +++ data/CVE/list 2006-01-21 20:23:51 UTC (rev 3332) @@ -35,7 +35,7 @@ CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...) NOT-FOR-US: Clipcomm hardware CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...) - TODO: Check + NOT-FOR-US: dual dns server CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...) NOT-FOR-US: Joomla! CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...) 
@@ -61,125 +61,123 @@ CVE-2006-0292 RESERVED CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0288 (Unspecified vulnerability in the Oracle Reports Developer component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...) - TODO: check -CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0271 (Unspecified vulnerability in the Upgrade & Downgrade component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0270 (Unspecified vulnerability in the TDE Wallet component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0264 (Unspecified vulnerability in the Net Listener component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2006-0259 (Multiple unspecified vulnerabilities in the Data Pump component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...) - TODO: check + NOT-FOR-US: Check Point VPN CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...) - TODO: check + NOT-FOR-US: Apache Geronimo CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in "Blue ...) - TODO: check + NOT-FOR-US: AmbiCom Blue Neighbors CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...) - TODO: check + NOT-FOR-U: Benders Calendar CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...) - TODO: check + - faqomatic 2.712-3 CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...) NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP NOTE: This bug is present in a fork, not in the mainline NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions. CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...) - TODO: check + NOT-FOR-US: geoBlog CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...) - TODO: check + NOT-FOR-US: Virata-EmWeb web server CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...) - TODO: check + NOT-FOR-US: Anyboard CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...) 
- TODO: check + NOT-FOR-US: Widexl Download Tracker CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-0244 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpXplorer CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...) - TODO: check + NOT-FOR-US: SMBCMS CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...) - TODO: check + NOT-FOR-US: PHP Fusebox CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...) - TODO: check + NOT-FOR-US: WBNews CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...) - TODO: check + NOT-FOR-US: Simple Blog CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...) - TODO: check + NOT-FOR-US: Simple Blog CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...) - TODO: check + NOT-FOR-US: GaMerZ WP-Stats CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) - TODO: check + NOT-FOR-US: GTP iCommerce CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...) - TODO: check + - mozilla-thunderbird (unfixed; bug #349242; medium) CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) - TODO: check + NOT-FOR-US: WhiteAlbum CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...) - TODO: check + NOT-FOR-US: microBlog CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in microBlog 2.0 RC-10 allows ...) - TODO: check + NOT-FOR-US: microBlog CVE-2006-0232 RESERVED CVE-2006-0231 
@@ -187,49 +185,51 @@ CVE-2006-0230 RESERVED CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...) - TODO: check + NOT-FOR-US: Wehntrust CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...) - TODO: check + - kernel-patch-grsecurity2 (unfixed; bug filed; medium) + - kernel-patch-2.4-grsecurity (unfixed; bug filed; medium) CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...) - TODO: check + NOT-FOR-US: lpsched in Sun Solaris CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...) - TODO: check + NOT-FOR-US: freebsd kernel CVE-2006-0225 RESERVED CVE-2006-0224 RESERVED CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...) - TODO: check + NOT-FOR-US: TopCMM CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft Template Seller Pro CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...) - TODO: check + NOT-FOR-US: Dragon Design Services Network (DDSN) CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...) - TODO: check + NOT-FOR-US: Ultimate Auction CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...) - TODO: check + NOT-FOR-US: QualityEBiz Quality PPC CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...) 
- TODO: check + NOT-FOR-US: QualityEBiz Quality PPC CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...) - TODO: check + NOT-FOR-US: ezDatabase CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...) - TODO: check + NOT-FOR-US: Kolab Server + NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...) - TODO: check + NOT-FOR-US: Toshiba Bluetooth Stack CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...) - TODO: check + NOT-FOR-US: Helm Hosting Control Panel CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...) - TODO: check + NOT-FOR-US: Interspire TrackPoint NX CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...) - TODO: check + NOT-FOR-US: TankLogger CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...) - php5 5.1.2-1 - php4 4:4.4.2-1 
@@ -237,70 +237,71 @@ - php5 5.1.2-1 - php4 4:4.4.2-1 CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) - TODO: check + NOT-FOR-US: Light Weight Calendar CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) - TODO: check + NOT-FOR-US: Wordcircle CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...) - TODO: check + NOT-FOR-US: Wordcircle CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...) - TODO: check + NOT-FOR-US: Mini-Nuke CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) - TODO: check + NOT-FOR-US: PayPal Web Services CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...) - TODO: check + NOT-FOR-US: PayPal Web Services CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...) - php5 5.1.2-1 (unimportant) NOTE: Not built into the binary packages CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...) - TODO: check + NOT-FOR-US: Mini-Nuke CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...) - TODO: check + NOTE: exploitability uncertian + - xorg-x11 (unfixed; bug filed; low) CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...) - TODO: check + NOT-FOR-US: slsnif CVE-2006-0195 RESERVED CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...) - TODO: check + NOT-FOR-US: FogBugz CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...) - TODO: check + NOT-FOR-US: Positive Software H-Sphere CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...) 
- TODO: check + NOT-FOR-US: ASPSurvey CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...) - TODO: check + NOT-FOR-US: eStara Softphone CVE-2006-0188 RESERVED CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...) - TODO: check + NOT-FOR-US: OcoMon CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...) - TODO: check + NOT-FOR-US: OcoMon CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...) - TODO: check + NOT-FOR-US: OcoMon CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...) - TODO: check + NOT-FOR-US: Campsite CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...) - TODO: check + NOT-FOR-US: IPCop CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...) - TODO: check + NOT-FOR-US: IPCop CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Ocean12 CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...) - TODO: check + NOT-FOR-US: TClanPortal CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...) - TODO: check + NOT-FOR-US: PHP-Fusion CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...) - TODO: check + NOT-FOR-US: Oracle CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...) 
- TODO: check + NOT-FOR-US: AL-Caricatier CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...) - TODO: check + NOT-FOR-US: PHlyMail CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...) NOT-FOR-US: AlstraSoft EPay Pro CVE-2005-4650 (Joomla! 1.03 does not restrict the number of "Search" Mambots, which ...)
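Review bot: In the @@ -35,7 +35,7 @@ hunk, the new tag for CVE-2006-0304 reads `NOT-FOR-US: dual dns server`, which does not match the product name in the description, "Dual DHCP DNS Server". Suggest writing the name as the description gives it, so that a search of the list by product name finds this entry.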
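Review bot: In the @@ -61,125 +61,123 @@ hunk, the CVE-2006-0283 entry (Oracle Database Server 10.1.0.4.2) is deleted outright instead of being triaged: its header line sits on a `-` line and no `+` line restores it, so the ID drops out of the list while its neighbours CVE-2006-0284 and CVE-2006-0282 receive `NOT-FOR-US: Oracle`. If the removal was not intended, re-add the entry with the same tag. In the same hunk, CVE-2006-0252 is tagged `NOT-FOR-U: Benders Calendar`; the tag should be `NOT-FOR-US:`, since a check that matches on the exact tag will not count this entry as triaged.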
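Review bot: In the @@ -187,49 +185,51 @@ hunk, the two CVE-2006-0228 lines for kernel-patch-grsecurity2 and kernel-patch-2.4-grsecurity say `bug filed` without a bug number, whereas the mozilla-thunderbird line for CVE-2006-0236 earlier in this patch records `bug #349242`. Suggest adding the numbers so the unfixed status can be followed up from the list itself. Also, the `NOT-FOR-US: Kolab Server` tag on CVE-2006-0213 rests on a NOTE saying the server "does not seem to be in debian"; worth confirming that before the entry is closed.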
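Review bot: In the @@ -237,70 +237,71 @@ hunk, the added NOTE for CVE-2006-0197 is misspelled (`exploitability uncertian` should be `uncertain`), and the `xorg-x11 (unfixed; bug filed; low)` line under it gives no bug number. Suggest fixing the spelling and recording the bug number, and, if known, saying briefly in the NOTE why exploitability is uncertain, since that is what the `low` rating depends on.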