Author: jmm-guest Date: 2006-01-31 11:19:49 +0000 (Tue, 31 Jan 2006) New Revision: 3395 Modified: data/CVE/list Log: new unimportant phpbb issue new zoph issue new tiff issue lots of NFUs can someone less offended by MySQL than myself please have a look at CVE-2006-0369? Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-31 10:46:57 UTC (rev 3394) +++ data/CVE/list 2006-01-31 11:19:49 UTC (rev 3395) @@ -1,18 +1,17 @@ -begin claimed by jmm CVE-2006-0467 RESERVED CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...) - TODO: check + NOT-FOR-US: Goldstag Content Management System CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...) - TODO: check + NOT-FOR-US: active121 Site Manager CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...) - TODO: check + NOT-FOR-US: IdeoContent Manager CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...) - TODO: check + NOT-FOR-US: IdeoContent Manager CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...) - TODO: check + NOT-FOR-US: AndoNET Blog CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...) - TODO: check + NOT-FOR-US: ExpressionEngine CVE-2006-0460 RESERVED CVE-2006-0459 
@@ -34,56 +33,58 @@ CVE-2006-0451 RESERVED CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...) - TODO: check + - phpbb2 <unfixed> (unimportant) + NOTE: As discussed with the phpbb maintainers; this is only a lack of feature + NOTE: (phpbb2 doesn''t allow a kind of rate control for maximum login/searches for + NOTE: a certain time frame), but not a directly fixable security problem CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...) - TODO: check + NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...) - TODO: check + NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...) - TODO: check + NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...) - TODO: check + NOT-FOR-US: WeBWorK CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...) - TODO: check + NOT-FOR-US: Phpclanwebsite CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...) - TODO: check + NOT-FOR-US: Phpclanwebsite CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...) - TODO: check + NOT-FOR-US: CheesyBlog CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...) - TODO: check + NOT-FOR-US: Sami FTP Server CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...) - TODO: check + NOT-FOR-US: Text Rider CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...) 
- TODO: check + NOT-FOR-US: Text Rider CVE-2006-0438 RESERVED CVE-2006-0437 RESERVED CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL) allows attackers to ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...) - TODO: check + NOT-FOR-US: phpXplorer CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...) - TODO: check + NOT-FOR-US: Complete PHP Counter CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...) - TODO: check + NOT-FOR-US: Complete PHP Counter CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...) - TODO: check + NOT-FOR-US: ioFTPD CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...) - TODO: check + NOT-FOR-US: CityPost Simple Image-Editor CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...) - TODO: check + NOT-FOR-US: CityPost Simple PHP Upload CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...) - TODO: check + NOT-FOR-US: CityPost Simple PHP Upload CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...) - TODO: check + NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...) - TODO: check -end claimed by jmm + NOT-FOR-US: ParoxProxy CVE-2006-0433 RESERVED CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) 
@@ -128,31 +129,30 @@ NOT-FOR-US: SleeperChat CVE-2006-0414 (Tor 0.1.1.10-alpha and earlier allows remote attackers to identify ...) - tor <unfixed> (bug #349283) -begin claimed by jmm CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...) - TODO: check + NOT-FOR-US: NewsPHP CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...) - TODO: check + NOT-FOR-US: CyberShop CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...) - TODO: check + NOT-FOR-US: Claroline CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...) - libphp-adodb <unfixed> (medium; bug #349985) CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...) - TODO: check + NOT-FOR-US: Pixelpost Photoblog CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...) - TODO: check + NOT-FOR-US: Sun Grid Engine CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...) - TODO: check + NOT-FOR-US: AZ Bulletin Board CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...) - TODO: check + - tiff <unfixed> (bug filed) CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...) - TODO: check + NOT-FOR-US: Note-A-Day Weblog CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...) - TODO: check + NOT-FOR-US: e-moBLOG CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...) - TODO: check + - zoph <unfixed> (bug filed) CVE-2006-0401 RESERVED CVE-2006-0400 
@@ -194,32 +194,31 @@ CVE-2006-0382 RESERVED CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...) - TODO: check + NOT-FOR-US: pf on Free BSD and Open BSD CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...) - TODO: check + NOT-FOR-US: Netrix X-Site Manager CVE-2006-0377 RESERVED CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...) - TODO: check + NOT-FOR-US: Windows CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) - TODO: check + NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...) - TODO: check + NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...) - TODO: check + NOT-FOR-US: Douran FollowWeb CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...) - TODO: check + NOT-FOR-US: Insane Visions BlogPHP CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...) - TODO: check + NOT-FOR-US: Noah Medling RCBlog CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...) - TODO: check + NOT-FOR-US: Noah Medling RCBlog CVE-2006-0369 (** DISPUTED ** ...) - TODO: check -end claimed by jmm + TODO: I don''t know MySQL very well, but I suppose that is normal? CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...) NOT-FOR-US: Cisco CallManager CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
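Review bot: In the "@@ -34,56 +33,58 @@" hunk, the CVE-2005-4668 entry is tagged "NOT-FOR-US: ParoxProxy", but the CVE description directly above it spells the product "ParosProxy". Correct the spelling so a search of the list for the product name finds the entry. In the same hunk, the second phpbb2 NOTE line has a doubled apostrophe in "doesn''t", which should be a single one.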
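Review bot: In the "@@ -128,31 +129,30 @@" hunk, the new tiff (CVE-2006-0405) and zoph (CVE-2006-0402) entries read "<unfixed> (bug filed)" with no bug number, while the neighbouring tor and libphp-adodb entries reference "bug #349283" and "bug #349985". Record the bug numbers in place of "bug filed" so the entries can be matched to their reports. The libphp-adodb entry also carries an urgency ("medium"), which the two new entries lack.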
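Review bot: In the "@@ -194,32 +194,31 @@" hunk, CVE-2006-0369 drops the "end claimed by jmm" marker but remains an open TODO worded as a question ("I suppose that is normal?"), which does not tell whoever picks it up what is left to verify. State the open point explicitly in the TODO, and fix the doubled apostrophe in "don''t". In the same hunk, "NOT-FOR-US: pf on Free BSD and Open BSD" spells the systems with a space, while the next two entries use "FreeBSD"; use one spelling so the tags stay searchable.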