Author: stef-guest Date: 2006-03-10 20:19:26 +0000 (Fri, 10 Mar 2006) New Revision: 3587 Modified: data/CVE/list Log: some NFUs, claim some more Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-10 19:42:55 UTC (rev 3586) +++ data/CVE/list 2006-03-10 20:19:26 UTC (rev 3587) @@ -1,100 +1,99 @@ -begin claimed by stef-guest - CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...) - TODO: check + - gallery2 2.0.3 CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...) - TODO: check + - gallery2 2.0.3 CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...) - TODO: check + - gallery2 2.0.3 CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...) - TODO: check + NOT-FOR-US: Grisoft AVG CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...) - TODO: check + NOT-FOR-US: RevilloC MailServer and Proxy CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: D2KBlog CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...) - TODO: check + NOT-FOR-US: D2KBlog CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...) - TODO: check + NOT-FOR-US: DCP-Portal CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...) - TODO: check + NOT-FOR-US: Cpanel (PHP) CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...) - TODO: check + NOT-FOR-US: Aardvark CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...) - TODO: check + NOT-FOR-US: nCipher CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...) - TODO: check + NOT-FOR-US: nCipher CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...) - TODO: check + NOT-FOR-US: nCipher CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...) - TODO: check + NOT-FOR-US: Loudblog CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...) - TODO: check + NOT-FOR-US: Loudblog CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...) - TODO: check + NOT-FOR-US: Aztek Forum CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...) - TODO: check + NOT-FOR-US: Total Ecommerce CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...) - TODO: check + NOT-FOR-US: NMDeluxe CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...) - TODO: check + NOT-FOR-US: NMDeluxe CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...) - TODO: check + NOT-FOR-US: Pixelpost CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Pixelpost CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...) - TODO: check + NOT-FOR-US: Pixelpost CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...) - TODO: check + NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...) - TODO: check + NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...) - TODO: check + NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...) - TODO: check + NOT-FOR-US: Sauerbraten / cube engine CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...) - TODO: check + NOT-FOR-US: logIT CVE-2006-1098 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: NZ Ecommerce CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2006-1096 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: NZ Ecommerce CVE-2006-1095 (Unspecified vulnerability in the FileSession object in Mod_python ...) - TODO: check + NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out + NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...) - TODO: check + NOT-FOR-US: Woltlab Burning Board CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Kaspersky Antivirus CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: PHP-Stats CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...) - TODO: check - -end claimed by stef-guest - + NOT-FOR-US: PHP-Stats CVE-2006-1086 REJECTED CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: PHP-Stats CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...) - TODO: check + NOT-FOR-US: PHP-Stats CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...) - TODO: check + NOT-FOR-US: PHP-Stats + +begin claimed by stef-guest + CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...) TODO: check CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...) @@ -131,6 +130,9 @@ RESERVED CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...) TODO: check + +end claimed by stef-guest + CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...) - lurker 2.1-1 CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)