Secure testing commits - Aug 2006 - r4500 - data/CVE

Author: stef-guest
Date: 2006-08-04 17:08:55 +0000 (Fri, 04 Aug 2006)
New Revision: 4500

Modified:
   data/CVE/list
Log:
- new ipcal issue (low)
- some NFUs

Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-08-04 16:40:22 UTC (rev 4499)
+++ data/CVE/list	2006-08-04 17:08:55 UTC (rev 4500)
@@ -1,35 +1,35 @@
 CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO
...)
-	TODO: check
+	NOT-FOR-US: LMO for joomla
 CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Colophon for joomla
 CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch
...)
 	NOT-FOR-US: Solaris
 CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: moskool
 CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MyNewsGroups
 CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the
web ...)
-	TODO: check
+	NOT-FOR-US: Banex PHP MySQL Banner Exchange
 CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex
PHP ...)
-	TODO: check
+	NOT-FOR-US: Banex PHP MySQL Banner Exchange
 CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner
...)
-	TODO: check
+	NOT-FOR-US: Banex PHP MySQL Banner Exchange
 CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: com_bayesiannaivefilter for mambo
 CVE-2006-3961 (Unspecified vulnerability in McAfee Internet Security Suite
2006, ...)
 	NOT-FOR-US: McAfee
 CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll 1.10
allows ...)
-	TODO: check
+	NOT-FOR-US: X-Scripts X-Poll
 CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts
X-Protection ...)
-	TODO: check
+	NOT-FOR-US: X-Scripts X-Protection
 CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities
in ...)
-	TODO: check
+	NOT-FOR-US: Taskjitsu
 CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev
...)
-	TODO: check
+	NOT-FOR-US: BosDates
 CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in
contact.php in ...)
-	TODO: check
+	NOT-FOR-US: Advanced Webhost Billing System
 CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB
Forum ...)
-	TODO: check
+	NOT-FOR-US: MiniBB Forum
 CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka
...)
 	NOT-FOR-US: mybb
 CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB
(aka ...)
@@ -39,13 +39,13 @@
 CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in
Mam-moodle ...)
 	TODO: check
 CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts
...)
-	TODO: check
+	NOT-FOR-US: X-Statistics
 CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php
in the ...)
-	TODO: check
+	NOT-FOR-US: com_artlinks for Mambo
 CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in
PHP-Nuke ...)
 	NOT-FOR-US: php-nuke
 CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Mambatstaff
 CVE-2006-3946 (The KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on
Mac OS ...)
 	TODO: check
 CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote
...)
@@ -57,9 +57,9 @@
 CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows 2000 SP4,
Server 2003 ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine
5.3 ...)
-	TODO: check
+	NOT-FOR-US: N1 Grid Engine 
 CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow
remote ...)
-	TODO: check
+	NOT-FOR-US: phpbb-Auction
 CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to
perform ...)
 	TODO: check
 CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information
via a ...)
@@ -73,7 +73,7 @@
 CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in
...)
 	TODO: check
 CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms
before ...)
-	TODO: check
+	NOT-FOR-US: OpenCms
 CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe
3.0 ...)
 	TODO: check
 CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in
Tuomas ...)
@@ -89,7 +89,7 @@
 CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow
remote ...)
 	TODO: check
 CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX
control ...)
-	TODO: check
+	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
 CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos
before ...)
 	TODO: check
 CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in
Fire-Mouse ...)
@@ -134,7 +134,7 @@
 CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS
0.6.1 ...)
 	TODO: check
 CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php
in ...)
-	TODO: check
+	NOT-FOR-US: myWebland MyBloggie
 CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in
phpFaber ...)
 	TODO: check
 CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email
Firewall ...)
@@ -242,29 +242,29 @@
 CVE-2006-3850 (** DISPUTED ** ...)
 	TODO: check
 CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone
Resurrection ...)
-	TODO: check
+	NOT-FOR-US: Warzone
 CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP
...)
-	TODO: check
+	NOT-FOR-US: ipcalc <unfixed> (bug #381469; low)
 CVE-2006-3847 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: MoSpray
 CVE-2006-3846 (PHP remote file inclusion vulnerability in
extadminmenus.class.php in ...)
-	TODO: check
+	NOT-FOR-US: MultiBanners
 CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through
3.60 ...)
-	TODO: check
+	NOT-FOR-US: WinRAR
 CVE-2006-3844 (Buffer overflow in Quick ''n Easy FTP Server 3.0 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Quick ''n Easy FTP Server
 CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in
...)
-	TODO: check
+	NOT-FOR-US: Calendar Mambo Module
 CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office
3.2 ...)
-	TODO: check
+	NOT-FOR-US: Zoho Virtual Office
 CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before
...)
-	TODO: check
+	NOT-FOR-US: WebScarab
 CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS
products ...)
-	TODO: check
+	NOT-FOR-US: various ISS products
 CVE-2006-3839
 	RESERVED
 CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise
...)
-	TODO: check
+	NOT-FOR-US: eIQnetworks Enterprise
 CVE-2006-XXXX [syslog-ng dos]
 	- syslog-ng 2.0rc1-2
 CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to
password disclosure]