Author: alec-guest
Date: 2006-05-21 10:16:21 +0000 (Sun, 21 May 2006)
New Revision: 4023
Modified:
data/CVE/list
Log:
* found fixed pdns-recursor (not yet in etch)
* NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-05-21 09:52:00 UTC (rev 4022)
+++ data/CVE/list 2006-05-21 10:16:21 UTC (rev 4023)
@@ -854,7 +854,7 @@
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php
in ...)
NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn
Open ...)
- TODO: check
+ NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows
remote ...)
NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from
JuniperSetup.ocx ...)
@@ -890,7 +890,7 @@
- bind9 <unfixed> (low)
[sarge] - bind9 <no-dsa> (Only exploitable by trusted users after TSIG
transaction)
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before
9.0.6 and ...)
- TODO: check
+ NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function
in ...)
TODO: check
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State
...)
@@ -900,93 +900,93 @@
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to
bypass ...)
TODO: check
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB
1.0.0 ...)
- TODO: check
+ NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to
cause ...)
- TODO: check
+ - pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote
...)
NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in
MKPortal 1.1, ...)
- TODO: check
+ NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php
in ...)
- TODO: check
+ NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and
...)
- TODO: check
+ NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun
Solaris 10 ...)
- TODO: check
+ NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound
Full ...)
- TODO: check
+ NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and
LITE 2.1, ...)
- TODO: check
+ NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in
Invision ...)
- TODO: check
+ NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in
action_admin/paysubscriptions.php ...)
- TODO: check
+ NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and
2.0.x ...)
- TODO: check
+ NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17
allows ...)
- TODO: check
+ NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.06 allows
...)
- TODO: check
+ NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for
Windows XP ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Micrsoft Outlook 2003 SP1
allows ...)
NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware
before ...)
NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and
earlier ...)
- TODO: check
+ NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media
Instant ...)
- TODO: check
+ NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts
DCForumLite ...)
- TODO: check
+ NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in
DCScripts ...)
- TODO: check
+ NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- TODO: check
+ NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics
...)
- TODO: check
+ NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3
Networks ...)
- TODO: check
+ NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a
default ...)
- TODO: check
+ NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows
local ...)
- TODO: check
+ NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code
that ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain
...)
- TODO: check
+ NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and
1.542 ...)
- TODO: check
+ NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in
Help ...)
- TODO: check
+ NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and
earlier ...)
- TODO: check
+ NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in
Thwboard 3.0 ...)
- TODO: check
+ NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not
properly ...)
- TODO: check
+ NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic
content ...)
- TODO: check
+ NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in
FlexBB ...)
- TODO: check
+ NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1
and ...)
- TODO: check
+ NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1
and ...)
- TODO: check
+ NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in
phpMyAdmin ...)
TODO: check
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to
cause a ...)
NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft
Simplog ...)
- TODO: check
+ NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in
Jeremy ...)
- TODO: check
+ NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging
functionality in ...)
- TODO: check
+ NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1
allows ...)
{DSA-1054-1}
[sarge] - tiff 3.7.2-3sarge1
@@ -1003,15 +1003,15 @@
[woody] - tiff 3.5.5-7woody1
- tiff 3.8.1
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in
rtsp/RTSP_msg_len.c ...)
- TODO: check
+ NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module
...)
- TODO: check
+ NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in
recordings/misc/audio.php in ...)
- TODO: check
+ NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8
stores ...)
- TODO: check
+ NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions
allows ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux
10.0 ...)
TODO: check
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3
and ...)