Author: jmm-guest Date: 2006-03-24 10:24:20 +0000 (Fri, 24 Mar 2006) New Revision: 3680 Modified: data/CVE/list Log: new freeradius issue (unfixed) NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-24 10:20:13 UTC (rev 3679) +++ data/CVE/list 2006-03-24 10:24:20 UTC (rev 3680) @@ -47,7 +47,7 @@ CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" ...) TODO: check CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...) - TODO: check + - freeradius <unfixed> CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...) TODO: check CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...) @@ -156,44 +156,42 @@ RESERVED CVE-2006-1299 RESERVED -begin claimed by jmm CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...) - TODO: check + NOT-FOR-US: Veritas Backup CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...) - TODO: check + NOT-FOR-US: Veritas Backup CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...) - beagle 0.2.3-1 (bug #357392; low) CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...) - TODO: check + NOT-FOR-US: SPIP CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...) - TODO: check + NOT-FOR-US: KnowledgebasePublisher CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...) - TODO: check + NOT-FOR-US: Contrexx CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...) - TODO: check + NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...) - TODO: check + NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...) - TODO: check + NOT-FOR-US: Milkeyway Captive Portal CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...) - TODO: check + NOT-FOR-US: Milkeyway Captive Portal CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...) - TODO: check + NOT-FOR-US: Invision Power Board CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...) - TODO: check + NOT-FOR-US: Symantec Ghost CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...) - TODO: check + NOT-FOR-US: Symantec Ghost CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...) - TODO: check -end claimed by jmm + NOT-FOR-US: Symantec Ghost CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...) TODO: check CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-1281 (Cross-site scripting (XSS) in member.php in MyBulletinBoard (MyBB) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...) - libcgi-session-perl 4.07-1 CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...) @@ -273,17 +271,17 @@ CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...) TODO: check CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...) TODO: check CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)