Author: jmm-guest
Date: 2006-02-10 17:38:54 +0000 (Fri, 10 Feb 2006)
New Revision: 3459

Modified:
   data/CVE/list
Log:
new powersave issue, already resolved lots of NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-10 17:18:04 UTC (rev 3458) +++ data/CVE/list 2006-02-10 17:38:54 UTC (rev 3459)
@@ -3,90 +3,89 @@ CVE-2006-XXXX [pioneers meta-server DoS] - pioneers 0.9.55-1 (bug #351986; medium) [sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer) -begin claimed by jmm CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...) - TODO: check + NOT-FOR-US: CPG-Nuke Dragonfly CMS CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...) - TODO: check + NOT-FOR-US: WiredRed e/pop Web Conferencing CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...) - TODO: check + NOT-FOR-US: Orbicule Undercover CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...) - TODO: check + NOT-FOR-US: Orbicule Undercover CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...) - TODO: check + NOT-FOR-US: QUALCOMM Eudora WorldMail CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...) - TODO: check + NOT-FOR-US: eyeOS CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...) - tcc <unfixed> (bug #352202; medium) NOTE: Sarge status not yet analysed CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...) - TODO: check + NOT-FOR-US: Borland C++Builder CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...) - TODO: check + NOTE: Sounds irrelevant, pinged phpbb maintainers CVE-2006-0631 (CRLF injection vulnerability in Erik C. 
Thauvin mailback allows remote ...) - TODO: check + NOT-FOR-US: Erik C. Thauvin mailback CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...) - TODO: check + NOT-FOR-US: The Bat! CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...) - TODO: check + NOT-FOR-US: AIM CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Dale Ray MyQuiz CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...) - TODO: check + NOT-FOR-US: Clever Copy CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...) - TODO: check + NOT-FOR-US: Whomp Real Estate Manager CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...) - TODO: check + NOT-FOR-US: QNX CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...) 
- TODO: check + NOT-FOR-US: Sun Java CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...) - TODO: check + NOT-FOR-US: Sun Java CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...) - TODO: check + - powersave 0.11.2-1 CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...) - TODO: check + NOT-FOR-US: @Mail CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...) - TODO: check + NOT-FOR-US: 2200net Calender system CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...) - TODO: check + NOT-FOR-US: Unknown Domain Shoutbox CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...) - TODO: check + NOT-FOR-US: Unknown Domain Shoutbox CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...) - TODO: check + NOT-FOR-US: Hinton Design phphd CVE-2006-0601 RESERVED CVE-2006-0596 
@@ -96,10 +95,9 @@ CVE-2006-0594 RESERVED CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...) - TODO: check + NOT-FOR-US: Land Down Under CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...) - TODO: check -end claimed by jmm + NOT-FOR-US: AutoCAD CVE-2006-0598 [elog: buffer overflow in write_logfile] RESERVED - elog 2.6.1+r1642-1
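Review bot: In the first hunk (@@ -3,90 +3,89 @@), the CVE-2006-0632 entry replaces "TODO: check" with "NOTE: Sounds irrelevant, pinged phpbb maintainers" while the question is still open, so the entry stops showing up as pending; keep a TODO line next to the NOTE until the maintainers answer. CVE-2006-0612 is recorded as "- powersave 0.11.2-1" with no urgency and no statement on Sarge, unlike the tcc and pioneers entries in the same hunk, and since the description puts the fix at 0.10.15.2, a line on whether Sarge ships an affected version would help. Two tags also disagree with their descriptions: CVE-2006-0604 and CVE-2006-0602 describe Hinton Design "phphg" but are tagged "Hinton Design phphd", and CVE-2006-0610 reads "Calendar" in the description and "Calender" in the tag.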
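Review bot: In the second hunk (@@ -96,10 +95,9 @@), CVE-2005-4710 is tagged "NOT-FOR-US: AutoCAD" although the description covers "multiple Autodesk and AutoCAD products"; tagging it "NOT-FOR-US: Autodesk" would match the vendor scope of the entry and make it easier to find when searching the list by vendor. The removal of "end claimed by jmm" here pairs with the removal of "begin claimed by jmm" in the first hunk, so no claim marker is left dangling.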