Author: jmm-guest Date: 2006-01-31 14:53:43 +0000 (Tue, 31 Jan 2006) New Revision: 3398 Modified: data/CVE/list Log: one new minor mediawiki issue lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-31 11:54:25 UTC (rev 3397) +++ data/CVE/list 2006-01-31 14:53:43 UTC (rev 3398) 
@@ -223,61 +223,60 @@ NOT-FOR-US: Cisco CallManager CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...) NOT-FOR-US: Cisco CallManager -begin claimed by jmm CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...) - TODO: check + NOT-FOR-US: Phpclanwebsite CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...) - TODO: check + NOT-FOR-US: XMB CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0363 (The "Remember my Password" feature in MSN Messenger 7.5 stores ...) - TODO: check + NOT-FOR-US: MSN Messenger CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...) - TODO: check + NOT-FOR-US: TippingPoint IPS CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...) - TODO: check + NOT-FOR-US: Bit 5 Blog CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...) - TODO: check + NOT-FOR-US: MPM SIP IP Phone CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...) - TODO: check + NOT-FOR-US: eyeBeam SIP Softphone CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...) - TODO: check + NOT-FOR-US: PowerPortal CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...) - TODO: check + NOT-FOR-US: Grant Averett Cerberus FTP Server CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Ari Pikivirta Home Ftp Server CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...) - TODO: check + NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...) 
NOT-FOR-US: Cisco IOS CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...) - TODO: check + NOT-FOR-US: Fluffington FLog CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) - mydns 1.1.0+pre-3 (medium; bug #348826) CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...) - TODO: check + NOT-FOR-US: eggblog CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: eggblog CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...) - elog <unfixed> (bug #349528; medium) CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...) - elog <unfixed> (bug #349528; medium) CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...) - TODO: check + NOT-FOR-US: SaralBlog CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...) - TODO: check + NOT-FOR-US: SaralBlog CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...) - TODO: check + NOT-FOR-US: FileCOPA FTP Server CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...) - TODO: check + NOT-FOR-US: Hitachi JP1/NetInsight II CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...) - TODO: check + NOT-FOR-US: RockLiffe MailSite CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...) - TODO: check + NOT-FOR-US: RockLiffe MailSite CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...) NOT-FOR-US: Cisco IOS CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...) - TODO: check + NOT-FOR-US: BitComet CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...) 
NOT-FOR-US: F-Secure CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...) 
@@ -287,36 +286,35 @@ CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...) NOT-FOR-US: Kerio Firewall CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...) - TODO: check + NOT-FOR-US: My Amazon Store Manager CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...) - TODO: check + NOT-FOR-US: ar-blog CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...) - ecartis <unfixed> (medium; bug #348824) NOTE: Sarge and Woody are affected CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...) - TODO: check + NOT-FOR-US: Squirrelmail plugin CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...) - gallery 1.5.2-1 CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...) - TODO: check + NOT-FOR-US: HITSENSER Data Mart Server BS CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Tftpd32, different from the tftpd in Debian CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...) - typo3-src <unfixed> (unimportant) NOTE: Only path disclosure CVE-2006-0326 RESERVED CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...) - TODO: check + NOT-FOR-US: Etomite CMS CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...) - TODO: check + NOT-FOR-US: WebspotBlogging CVE-2006-0323 RESERVED CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...) - TODO: check + - mediawiki <unfixed> (low) CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...) 
- TODO: check -end claimed by jmm + NOT-FOR-US: PHlyMail CVE-2006-XXXX [mydns remote DoS] - mydns 1.1.0+pre-3 (medium) CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
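Review bot: In the first hunk (@@ -223,61 +223,60 @@) the new NOT-FOR-US notes name products inconsistently. CVE-2006-0357, CVE-2006-0356 and CVE-2006-0355 copy the full vendor-plus-product string from the description ("Grant Averett Cerberus FTP Server", "Ari Pikivirta Home Ftp Server", "Helmsman Research (aka CoolUtils) HomeFtp"), while other entries in the same hunk use a short product name ("BitComet", "eggblog", "MyBB"). Picking one form, preferably the short product name, keeps a later search for a product matching every entry. Two smaller points in the same hunk: CVE-2006-0341 is tagged "RockLiffe MailSite" although its own description spells the vendor "Rockliffe", and for CVE-2006-0343 the truncated description shown here names no product, so the "Hitachi JP1/NetInsight II" attribution cannot be confirmed from these lines alone.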
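Review bot: In the second hunk (@@ -287,36 +286,35 @@) the new CVE-2006-0322 entry "- mediawiki <unfixed> (low)" carries no bug reference, unlike the other <unfixed> entries visible in this diff (elog with bug #349528, ecartis with bug #348824). An unfixed issue with no bug number is easy to lose track of, so add the bug number once one is filed, or a NOTE line saying why none is needed, as the TYPO3 entry does with "NOTE: Only path disclosure". In the same hunk, CVE-2006-0331 is tagged "NOT-FOR-US: Squirrelmail plugin", which names only the host application; the description identifies the affected code as the Change passwd 3.1 (chpasswd) plugin, and naming it in the note would make clear that it is the plugin, not SquirrelMail itself, that is being excluded, the way the CVE-2006-0328 note does for Tftpd32.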