Author: stef-guest Date: 2006-09-02 12:01:55 +0000 (Sat, 02 Sep 2006) New Revision: 4664 Modified: data/CVE/list Log: some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-01 18:35:50 UTC (rev 4663) +++ data/CVE/list 2006-09-02 12:01:55 UTC (rev 4664) @@ -1,21 +1,21 @@ CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...) TODO: check CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...) - TODO: check + NOT-FOR-US: OpenBSD CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...) - sendmail 8.13.8-1 (bug #385054; medium) CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) TODO: check CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...) - TODO: check + NOT-FOR-US: Zend Platform CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...) - TODO: check + NOT-FOR-US: Zend Platform CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...) - TODO: check + NOT-FOR-US: Cisco CVE-2006-4429 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: PHlyMail Lite CVE-2006-4428 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Jupiter CMS CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...) TODO: check CVE-2006-4426 (PHP remote file inclusion vulnerability in ...) 
@@ -314,52 +314,52 @@ CVE-2006-4286 (PHP remote file inclusion vulnerability in contentpublisher.php in the ...) TODO: check CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...) - TODO: check + NOT-FOR-US: Fantastic News CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...) - TODO: check + NOT-FOR-US: LBlog CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...) - TODO: check + NOT-FOR-US: SOLMETRA SPAW Editor CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...) - TODO: check + NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla! CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...) - TODO: check + NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo CVE-2006-4280 (PHP remote file inclusion vulnerability in anjel.index.php in ANJEL ...) - TODO: check + NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...) - TODO: check + NOT-FOR-US: XennoBB CVE-2006-4278 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: SportsPHool CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...) - TODO: check + NOT-FOR-US: Tutti Nova CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...) - TODO: check + NOT-FOR-US: Tutti Nova CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...) - TODO: check + NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop) CVE-2006-4274 REJECTED NOT-FOR-US: Microsoft CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...) - TODO: check + NOT-FOR-US: Jelsoft vBulletin CVE-2006-4272 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Jelsoft vBulletin CVE-2006-4271 (** DISPUTED ** ...) 
- TODO: check + NOT-FOR-US: Jelsoft vBulletin CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...) - TODO: check + NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo CVE-2006-4269 (PHP remote file inclusion vulnerability in admin.x-shop.php in the ...) - TODO: check + NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla! CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...) NOT-FOR-US: Symantec CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...) NOT-FOR-US: Kaspersky CVE-2006-4264 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...) - TODO: check + NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla! CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...) TODO: check CVE-2006-4261 (Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a ...) @@ -368,9 +368,9 @@ - mozilla <unfixed> - mozilla-firefox <unfixed> CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) - TODO: check + NOT-FOR-US: Fotopholder CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) - TODO: check + NOT-FOR-US: Fotopholder CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...) NOT-FOR-US: Anti-Spam SMTP Proxy CVE-2006-4257 (Unspecified vulnerability in IBM DB2 Universal Database (UDB) before ...) 
@@ -702,15 +702,15 @@ CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...) TODO: check CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...) - TODO: check + NOT-FOR-US: blur6ex CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...) - TODO: check + NOT-FOR-US: Fill Threads Database CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...) NOT-FOR-US: mojoGallery CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...) - TODO: check + NOT-FOR-US: phNNTP CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...) - TODO: check + NOT-FOR-US: SQLiteWebAdmin CVE-2006-4101 RESERVED CVE-2006-4100 @@ -893,7 +893,7 @@ CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...) NOT-FOR-US: Intel CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...) - TODO: check + NOT-FOR-US: ScatterChat CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...) - php5 5.1.6-1 (medium; bug #382256) - php4 4:4.4.4-1 (medium; bug #382261) @@ -1212,7 +1212,7 @@ CVE-2006-3870 RESERVED CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-3868 RESERVED CVE-2006-3867 
@@ -1328,9 +1328,9 @@ CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...) - twiki <not-affected> (only 4.0.x is affected) CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...) - TODO: check + NOT-FOR-US: Novell GroupWise WebAccess CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...) - TODO: check + NOT-FOR-US: Novell GroupWise WebAccess CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...) - krusader <not-affected> (bug #380063; file in directory with 0700 permissions) CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...) @@ -1339,7 +1339,7 @@ CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...) - cheesetracker 0.9.9-6 (bug #380364; low) CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...) - TODO: check + NOT-FOR-US: Perl in Red Hat Enterprise Linux 4 CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...) NOTE: MFSA-2006-56 [sarge] - mozilla <not-affected> @@ -2077,7 +2077,7 @@ CVE-2006-3507 RESERVED CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...) NOT-FOR-US: Apple Mac OS CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...) 
@@ -5226,9 +5226,9 @@ CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...) NOT-FOR-US: SWS CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...) - TODO: check + NOT-FOR-US: Fuji Xerox Printing Systems CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...) - TODO: check + NOT-FOR-US: Fuji Xerox Printing Systems CVE-2006-2111 (Microsoft Internet Explorer 6.0 on Windows XP SP2, and possibly other ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...) @@ -8130,7 +8130,7 @@ CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...) NOT-FOR-US: RaidenHTTPD CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...) - TODO: check + NOT-FOR-US: AOL CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...) NOT-FOR-US: Thomson modem firmware CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
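Review bot: In the first hunk (@@ -1,21 +1,21 @@), CVE-2006-4435 is closed as "NOT-FOR-US: OpenBSD" while the entry directly above it, CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9), stays at "TODO: check". The truncated description of CVE-2006-4435 does not show which part of OpenBSD is affected, so the label should name the affected component rather than the whole operating system. A later reader can then confirm from the list alone that it is not code that is also shipped as a package here.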
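Review bot: The NOT-FOR-US labels added for the Mambo and Joomla! components in the @@ -314,52 +314,52 @@ hunk use several different shapes: "MamboWiki component (com_mambowiki) for Mambo and Joomla!", "CatalogShop component for Mambo (com_catalogshop)", "lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo" and "mambo-phpshop (com_phpshop) for Mambo and Joomla!". Suggest one pattern throughout, such as "name component (com_id) for Mambo", so that all of these entries match a single search. The AkoComment label also carries a version ("AkoComment 1.1 module"), which none of the other labels do; the version belongs to the CVE description, not the product label.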
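Review bot: In the @@ -1339,7 +1339,7 @@ hunk, CVE-2006-3813 is marked "NOT-FOR-US: Perl in Red Hat Enterprise Linux 4", but NOT-FOR-US reads as "this software is not packaged", and Perl is. The hunk just before it shows the form the list uses for a packaged product that is unaffected: the twiki entry (CVE-2006-3819) and the krusader entry (CVE-2006-3816) each name the package, mark it not-affected and give the reason in parentheses. Suggest recording this one the same way against perl, with the reason that the regression is specific to the Red Hat package, so a search for perl in the list finds it.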
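Review bot: The label added for CVE-2006-3506 in the @@ -2077,7 +2077,7 @@ hunk is "NOT-FOR-US: Mac OS X", while the unchanged entry immediately below it (CVE-2006-3505) uses "NOT-FOR-US: Apple Mac OS" for the same product. Suggest reusing the existing spelling so both entries are found by one search string.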