Author: stef-guest
Date: 2006-05-12 10:56:53 +0000 (Fri, 12 May 2006)
New Revision: 3941

Modified:
   data/CVE/list
Log:
new xine issue
new drupal issue
new webcalendar issue
some NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-05-12 09:55:58 UTC (rev 3940)
+++ data/CVE/list 2006-05-12 10:56:53 UTC (rev 3941)
@@ -55,69 +55,69 @@ CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...) TODO: check CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...) - TODO: check + NOT-FOR-US: Jetbox CMS CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...) - TODO: check + NOT-FOR-US: myWebland MyBloggie CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...) - TODO: check + NOT-FOR-US: FlexCustomer CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...) - TODO: check + NOT-FOR-US: Kerio WinRoute Firewall CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Chirpy! CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...) - TODO: check + NOT-FOR-US: Ocean12 Calendar Manager Pro CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...) - TODO: check + NOT-FOR-US: Ocean12 Calendar Manager Pro CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...) - TODO: check + NOT-FOR-US: VP-ASP CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...) - TODO: check + NOT-FOR-US: singapore CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...) - TODO: check + NOT-FOR-US: ACal CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...) - TODO: check + - drupal <unfixed> (bug filed; medium) CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...) - TODO: check + NOT-FOR-US: MaxxSchedule CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...) - TODO: check + NOT-FOR-US: MaxxSchedule CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...) 
- TODO: check + NOT-FOR-US: easyEvent CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...) - TODO: check + NOT-FOR-US: EQdkp CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...) - TODO: check + NOT-FOR-US: Creative Community Portal CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...) - TODO: check + NOT-FOR-US: FileCOPA CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...) - TODO: check + NOT-FOR-US: Statit CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...) - TODO: check + NOT-FOR-US: OpenFAQ CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...) - TODO: check + NOT-FOR-US: Invision Community Blog CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...) - TODO: check + NOT-FOR-US: CuteNews CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...) - TODO: check + NOT-FOR-US: Xeneo Web Server CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...) - TODO: check + - webcalendar <unfixed> (medium; bug #366927) CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...) - TODO: check + NOT-FOR-US: UBlog CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...) NOT-FOR-US: Auction mod 1.3m for phpBB CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...) - TODO: check + NOT-FOR-US: Web4Future News Portal CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...) - TODO: check + NOT-FOR-US: Web4Future News Portal CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...) 
- TODO: check + NOT-FOR-US: acFTP CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...) - TODO: check + NOT-FOR-US: Fast Click SQL Lite CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...) - TODO: check + NOT-FOR-US: Fujitsu NetShelter/FW CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...) - TODO: check + NOT-FOR-US: Newsadmin CVE-2006-2238 RESERVED CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...) 
@@ -125,25 +125,25 @@ CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) - quake3 <itp> (bug #337937) CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) - TODO: check + NOT-FOR-US: Simple Poll CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...) - TODO: check + NOT-FOR-US: TyroCMS CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...) - TODO: check + NOT-FOR-US: BankTown Client Control CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...) - TODO: check + NOT-FOR-US: Scriptsez Cute Guestbook CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...) - TODO: check + NOT-FOR-US: Big Webmaster Guestbook Script CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...) - TODO: check + - xine-ui <unfixed> (medium; bug #363370) CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...) - openvpn <unfixed> (unimportant) NOTE: One needs to explicitly set the IP to something else than 127.0.0.1 NOTE: in order to be vulnerable. The man page recommends not to do it. CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...) - TODO: check + NOT-FOR-US: Web-Agora CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...) - TODO: check + NOT-FOR-US: PunBB CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 allows remote ...) TODO: check CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...) 
@@ -261,7 +261,7 @@ CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...) TODO: check CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...) - TODO: check + NOT-FOR-US: Fast Click CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2006-2173 (Buffer overflow in FileZilla FTP Server allows remote authenticated ...)
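
Review bot: in the hunk at @@ -55,69 +55,69 @@, the CVE-2006-2260 entry `- drupal <unfixed> (bug filed; medium)` records no bug number and orders its fields the opposite way from the webcalendar entry in the same hunk, `(medium; bug #366927)`. Suggest `(medium; bug #NNNNNN)` with the real number filled in once it is known, so the entry can be matched to the bug report. The CVE description also places the XSS in "the project module", so it is worth confirming that the drupal package ships that module before tracking the issue against drupal.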
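
Review bot: in the hunk at @@ -125,25 +125,25 @@, two NOT-FOR-US tags drop the name the CVE description leads with: CVE-2006-2228 is tagged `Web-Agora` although the description reads `w-Agora (aka Web-Agora)`, and CVE-2006-2235 is tagged `Simple Poll` without the `CodeMunkyX` vendor name. Suggest `NOT-FOR-US: w-Agora` and `NOT-FOR-US: CodeMunkyX Simple Poll`, so that a later search on the product's primary name finds this triage decision.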
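
Review bot: in the hunk at @@ -261,7 +261,7 @@, `NOT-FOR-US: Fast Click` for CVE-2006-2175 is easy to confuse with the `Fast Click SQL Lite` tag this same commit gives CVE-2006-2241. The description names the product as FtrainSoft Fast Click 2.3.8; suggest `NOT-FOR-US: FtrainSoft Fast Click` to keep the two entries distinguishable.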