Author: micah
Date: 2006-02-15 05:19:30 +0000 (Wed, 15 Feb 2006)
New Revision: 3485
Modified: data/CVE/list
Log: A bunch of NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-15 04:36:48 UTC (rev 3484) +++ data/CVE/list 2006-02-15 05:19:30 UTC (rev 3485) 
@@ -29,39 +29,39 @@ - mantis 0.19.4-3 [woody] - mantis <not-affected> (Complete rewrite in 0.19) CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...) - TODO: check + NOT-FOR-US: Lotus Domino CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...) - TODO: check + NOT-FOR-US: Lotus Domino CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in SmE GB Host 1.21 and SmE ...) - TODO: check + NOT-FOR-US: SmE GB Host CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...) - TODO: check + NOT-FOR-US: FarsiNews CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in Runcms 1.2 and ...) - TODO: check + NOT-FOR-US: Runcms CVE-2006-0658 (Incomplete blacklist vulnerability in FCKeditor 2.0 and 2.2, as used ...) - TODO: check + NOT-FOR-US: FCKeditor CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...) - TODO: check + NOT-FOR-US: Softcomplex CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...) - TODO: check + NOT-FOR-US: HP CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...) - TODO: check + NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...) - TODO: check + NOT-FOR-US: Hinton Design phpht Topsites CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...) - TODO: check + NOT-FOR-US: WHMCompleteSolution CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...) - TODO: check + NOT-FOR-US: vwdev CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...) - TODO: check + NOT-FOR-US: CPAINT CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...) 
- TODO: check + NOT-FOR-US: DataparkSearch CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...) - TODO: check + NOT-FOR-US: PHP iCalendar CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...) - TODO: check + NOT-FOR-US: Sun Java System Directory Server CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...) - binutils <not-affected> (SuSE specific vulnerability) CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...) @@ -71,11 +71,11 @@ CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...) NOT-FOR-US: PHP-Nuke CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...) - TODO: check + NOT-FOR-US: OpenVMPS CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...) TODO: check CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...) - TODO: check + NOT-FOR-US: Handicapper CVE-2006-XXXX [imagemagick''s display(1) deletes arbitrary files] - imagemagick 6:6.2.4.5-0.7 (bug #352575; medium) - graphicsmagick <not-affected> (Vulnerable code not present) @@ -232,7 +232,7 @@ CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...) NOT-FOR-US: Lexmark printer CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...) - TODO: check + - oprofile <unfixed> (bug #352910; low) CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...) - fcron <not-affected> (Not included in Debian package) CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...) 
@@ -325,7 +325,7 @@ CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...) NOT-FOR-US: Sun Java System Access Manager CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...) - TODO: check + NOT-FOR-US: NukedWeb CVE-2006-XXXX [kphone creates world-readable config file with passwords] - kphone <unfixed> (bug #337830; low) CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...) 
@@ -421,29 +421,29 @@ - mozilla-firefox <unfixed> (bug #349339) - mozilla <unfixed> CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...) NOT-FOR-US: MyBB CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...) - TODO: check + NOT-FOR-US: MG2 CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...) - TODO: check + NOT-FOR-US: Calendarix CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...) - TODO: check + NOT-FOR-US: SZUserMgnt CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...) - TODO: check + NOT-FOR-US: ASPThai Forums CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...) TODO: check CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...) - TODO: check + NOT-FOR-US: Tumbleweed MailGate Email Firewall CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...) NOT-FOR-US: IOS CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...) NOT-FOR-US: IOS CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...) - TODO: check + NOT-FOR-US: FACE CONTROL product CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...) NOT-FOR-US: Cisco VPN 3000 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...) 
@@ -454,11 +454,11 @@ [woody] - libpng <not-affected> (Only 1.2.7 affected) [sarge] - libpng3 1.2.8rel-1 CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) - TODO: check + NOT-FOR-US: sPaiz-Nuke CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) - pmwiki <itp> (bug #330117) CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) - TODO: check + NOT-FOR-US: CRE Loaded CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) - git-core 1.1.5-1 (bug #350274) CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
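
Review bot: In the @@ -29,39 hunk, CVE-2006-0658 is marked `NOT-FOR-US: FCKeditor`, but its description says the editor is affected "as used ..." by other software, so the absence of a standalone FCKeditor package does not settle it. Check the archive for packages that ship an embedded copy before closing this as NFU, and track it under that package name if one does. In the same hunk, `NOT-FOR-US: HP` (CVE-2006-0656) and `NOT-FOR-US: Softcomplex` (CVE-2006-0657) name the vendor only; `NOT-FOR-US: HP Systems Insight Manager` would match the product-level tags on the neighbouring entries.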
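
Review bot: In the @@ -71,11 hunk, CVE-2005-4712 is tagged `NOT-FOR-US: Handicapper` while the description names the product as "PHP Handicapper"; use the full product name so that a later search for the product finds this entry.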
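
Review bot: In the @@ -232,7 hunk, CVE-2006-0576 goes from `TODO: check` to `- oprofile <unfixed> (bug #352910; low)`, which is a triage result against a Debian package and not an NFU, yet the log message says only "A bunch of NFUs". Mention the oprofile entry in the log or commit it separately, so that anyone searching the history for when this CVE was tied to bug #352910 can find the revision.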
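
Review bot: In the @@ -421,29 hunk, CVE-2006-0488 is tagged `NOT-FOR-US: Microsoft`, a vendor name, where the other tags added in this hunk name a product (`MyBB`, `Calendarix`, `Tumbleweed MailGate Email Firewall`). The description concerns the VDM (Virtual DOS Machine) emulation environment for MS-DOS; name that in the tag so the reason for the NFU is clear without rereading the CVE text.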