Author: micah Date: 2006-02-19 19:45:10 +0000 (Sun, 19 Feb 2006) New Revision: 3512 Modified: data/CVE/list Log: 25 more NFUs and one ITP that was miscategorized as a NFU before Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-19 19:17:34 UTC (rev 3511) +++ data/CVE/list 2006-02-19 19:45:10 UTC (rev 3512) @@ -116,7 +116,7 @@ NOT-FOR-US: powerd NOTE: powerd supposedly normally comes with sysvinit, but not in debian CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) - NOT-FOR-US: WebGUI + - webgui <itp> (bug #139749) CVE-2006-0679 RESERVED CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) @@ -611,60 +611,59 @@ NOT-FOR-US: CRE Loaded CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) - git-core 1.1.5-1 (bug #350274) -claimed by micah CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Winamp CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...) - TODO: check + NOT-FOR-US: PHP-Ping CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...) - TODO: check + NOT-FOR-US: Shareaza CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) - TODO: check + NOT-FOR-US: My little homepage CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...) - TODO: check + NOT-FOR-US: My little homepage CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...) - TODO: check + NOT-FOR-US: My little homepage CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...) - TODO: check + NOT-FOR-US: uebimiau + NOTE: this had an ITP back in 2002, but it never was done (bug #164116) CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: CommuniGate Pro CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...) - TODO: check + NOT-FOR-US: PHP GEN CVE-2005-4706 (Unspecified vulnerability in the "privilege management" feature of Sun ...) - TODO: check + NOT-FOR-US: Solaris 10 CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...) - TODO: check + NOT-FOR-US: Windows Tomcat vulnerability CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...) - TODO: check + NOT-FOR-US: IPBProArcade CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...) - TODO: check + NOT-FOR-US: Solaris 10 CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...) - TODO: check + NOT-FOR-US: TellMe CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...) - TODO: check + NOT-FOR-US: TellMe CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...) - TODO: check + NOT-FOR-US: TellMe CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...) - TODO: check + NOT-FOR-US: Symantec Brightmail AntiSpam CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) - TODO: check + - webgui <itp> (bug #139749) CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) - gaim-encryption <unfixed> (bug #337127) CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...) - TODO: check + NOT-FOR-US: mroovca CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...) - TODO: check -end claimed by micah + NOT-FOR-US: NetBSD CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...) TODO: check CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...) @@ -1442,7 +1441,7 @@ CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...) NOT-FOR-US: Symantec SystemWorks CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...) - NOT-FOR-US: Plain Black WebGUI + - webgui <itp> (bug #139749) CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...) NOT-FOR-US: phgstats CVE-2006-0163 (SQL injection vulnerability in the search module ...) @@ -6740,7 +6739,7 @@ CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) NOT-FOR-US: myBloggie CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) - NOT-FOR-US: WebGUI + - webgui <itp> (bug #139749) CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) NOT-FOR-US: Phorum CVE-2005-2835