Author: jmm-guest
Date: 2006-03-17 11:11:18 +0000 (Fri, 17 Mar 2006)
New Revision: 3637

Modified:
   data/CVE/list
Log:
unimportant dropbear issue NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-17 11:03:23 UTC (rev 3636)
+++ data/CVE/list 2006-03-17 11:11:18 UTC (rev 3637)
@@ -82,39 +82,40 @@ NOT-FOR-US: Tivoli CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...) NOT-FOR-US: Tivoli -begin claimed by jmm CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...) - TODO: check + NOT-FOR-US: PHP Advanced Transfer Manager CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Sergey Korostel PHP Upload Center CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...) - TODO: check + NOT-FOR-US: PHP Upload Center CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...) - TODO: check + - dropbear <unfixed> (unimportant) + NOTE: By design to protect against DoSing the complete machine, future versions + NOTE: will mitigate by introducing per-IP limits CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...) - TODO: check + NOT-FOR-US: myBloggie CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...) - TODO: check + NOT-FOR-US: txtForum CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...) - TODO: check + NOT-FOR-US: txtForum CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...) - TODO: check + NOT-FOR-US: textfileBB CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...) - TODO: check + NOT-FOR-US: phpBannerExchange CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...) - TODO: check + NOT-FOR-US: daverave Link Bank CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...) - TODO: check + NOT-FOR-US: daverave Link Bank CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...) - TODO: check + NOT-FOR-US: Comvigo IM Lock CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...) 
- TODO: check + NOT-FOR-US: SafeDisc CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...) - TODO: check + NOT-FOR-US: QwikiWiki CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...) - TODO: check + NOT-FOR-US: Enet lib (Cube, Sauerbraten) CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...) - TODO: check + NOT-FOR-US: Enet lib (Cube, Sauerbraten) CVE-2006-1193 RESERVED CVE-2006-1192 @@ -136,10 +137,10 @@ CVE-2006-1184 RESERVED CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...) - TODO: check + - base-config <not-affected> (UBuntu specific) + - shadow <not-affected> (UBuntu specific) CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Adobe Graphics Server CVE-2006-1181 RESERVED CVE-2006-1180 @@ -170,6 +171,7 @@ RESERVED CVE-2006-1167 RESERVED +begin claimed by jmm CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...) TODO: check CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...) @@ -210,6 +212,7 @@ TODO: check CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...) TODO: check +end claimed by jmm CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...) TODO: check CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...)
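Review bot: In the @@ -82,39 +82,40 @@ hunk, the new CVE-2006-1206 entry marks dropbear as <unfixed> (unimportant) and its NOTE lines say future versions will mitigate with per-IP limits, but nothing records where that statement comes from. Add a NOTE with the upstream reference so the entry can be revisited once such a version exists. Two naming points in the same hunk: CVE-2006-1205 is tagged "NOT-FOR-US: myBloggie" while the visible description names "myWebland ...", and CVE-2006-1207 and CVE-2006-1208 are tagged "PHP Upload Center" and "Sergey Korostel PHP Upload Center" respectively, which makes what appears to be one product harder to grep for. Pick one spelling per product.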
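Review bot: In the @@ -136,10 +137,10 @@ hunk, both lines added under CVE-2006-1183 give the reason as "(UBuntu specific)"; this should read "(Ubuntu specific)" on the base-config and the shadow line. A short NOTE saying why the two packages are not affected (the description refers to the Ubuntu 5.10 installer) would make the <not-affected> status easier to verify later.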
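Review bot: In the @@ -170,6 +171,7 @@ hunk, a new "begin claimed by jmm" marker is added before CVE-2006-1165, yet the log message "unimportant dropbear issue NFUs" mentions neither this new claim nor the CVE-2006-1183 <not-affected> entries. Mention the claim in the log, or commit the claim markers separately, so the range CVE-2006-1165 to CVE-2006-1146 is visibly taken to anyone reading the commit list.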