Author: jmm-guest
Date: 2006-02-19 18:47:30 +0000 (Sun, 19 Feb 2006)
New Revision: 3509

Modified:
   data/CVE/list
Log:
two obscure new issues
flyspray not-affected
lots of NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-19 18:28:50 UTC (rev 3508)
+++ data/CVE/list 2006-02-19 18:47:30 UTC (rev 3509)
@@ -2,97 +2,96 @@ - sa-exim <unfixed> (bug #345071) CVE-2006-XXXX [imagemagick: array index overflow in DisplayImageCommand] - imagemagick 6:6.2.4.5-0.6 (bug #345595) -begin claimed by jmm CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in My Blog before 1.65 allows ...) - TODO: check + NOT-FOR-US: My Blog CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...) - TODO: check + NOT-FOR-US: Half-Life CVE-2006-0733 (** DISPUTED ** ...) - TODO: check + - wordpress <unfixed> + NOTE: This may very well be a non-issue CVE-2006-0732 (Unspecified vulnerability in SAP Business Connector 4.6 and 4.7 allows ...) - TODO: check + NOT-FOR-US: SAP Business Connector CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...) - TODO: check + NOT-FOR-US: SAP Business Connector CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...) - dovecot <unfixed> (bug filed; medium) [sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1) CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...) - TODO: check + NOT-FOR-US: Teca Diary CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...) - TODO: check + NOT-FOR-US: webSPELL CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...) - TODO: check + NOT-FOR-US: MusOX DF CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...) - TODO: check + NOT-FOR-US: CPG-Nuke CVE-2006-0725 (PHP remote file include vulnerability in prepend.php in Plume CMS ...) - TODO: check + NOT-FOR-US: Plume CMS CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) - TODO: check + NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0723 (preview.php in Reamday Enterprises Magic News Lite 1.2.3, when ...) 
- TODO: check + NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...) - TODO: check + NOT-FOR-US: Reamday Enterprises Magic News Lite CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...) - TODO: check + NOT-FOR-US: RunCMS CVE-2006-0720 RESERVED CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...) - TODO: check + NOT-FOR-US: PHP Classifieds CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...) - TODO: check + NOT-FOR-US: Avaya VSU CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...) - TODO: check + NOT-FOR-US: sNews CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...) - TODO: check + NOT-FOR-US: sNews CVE-2006-0714 (Directory traversal vulnerability in the installation file ...) - TODO: check + - flyspray <not-affected> (Vulnerable code not included in Debian) CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...) - TODO: check + NOT-FOR-US: LinPHA CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...) - TODO: check + NOT-FOR-US: Squishdot CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...) - TODO: check + NOT-FOR-US: NeoMail CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...) - TODO: check + NOT-FOR-US: Isode M-Vault CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...) - TODO: check + - metamail <unfixed> (bug #352482) CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...) - TODO: check + NOT-FOR-US: Winamp CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...) 
- pyblosxom 1.3.2-1 (high) CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in Gästebuch ...) - TODO: check + NOT-FOR-US: Gästebuch CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...) - TODO: check + NOT-FOR-US: Proprietary SFTP servers CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a "bespoke error ...) - TODO: check + NOT-FOR-US: iE Integrator CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...) - TODO: check + NOT-FOR-US: imageVue CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...) - TODO: check + NOT-FOR-US: imageVue CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...) - TODO: check + NOT-FOR-US: imageVue CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...) - TODO: check + NOT-FOR-US: imageVue CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...) - TODO: check + NOT-FOR-US: QWikiWiki CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...) - TODO: check + NOT-FOR-US: Ansilove CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...) - TODO: check + NOT-FOR-US: Ansilove CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...) - TODO: check + NOT-FOR-US: Roberto Butti CALimba CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...) 
- TODO: check -end claimed by jmm + NOT-FOR-US: Carey Briggs Timesheet CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...) NOT-FOR-US: TTS Time Tracking Software CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
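Review bot: The CVE-2006-0722 entry is tagged "NOT-FOR-US: Reamday Enterprises Magic News Lite", but its description names settings.php in Reamday Enterprises Magic Downloads 1.1.3. The tag looks carried over from the neighbouring CVE-2006-0723 and CVE-2006-0724 entries and should read "NOT-FOR-US: Reamday Enterprises Magic Downloads", so that a later search of the list by product name finds the right CVE. A second point in the same hunk: the new CVE-2006-0733 entry records "- wordpress <unfixed>" with only the note "This may very well be a non-issue" and no bug reference, whereas the metamail entry added for CVE-2006-0709 carries one (bug #352482). Since the CVE description is flagged DISPUTED, the NOTE should state what is in dispute or point to a filed bug, so the entry can be resolved to fixed or not-affected later instead of staying open indefinitely.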