Author: stef-guest
Date: 2006-09-24 19:51:14 +0000 (Sun, 24 Sep 2006)
New Revision: 4759
Modified:
data/CVE/list
Log:
some NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-09-24 19:11:52 UTC (rev 4758)
+++ data/CVE/list 2006-09-24 19:51:14 UTC (rev 4759)
@@ -148,21 +148,21 @@
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5
...)
NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
- TODO: check
+ NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848 (Multiple PHP remote file inclusion vulnerabilities in Brian
Fraval ...)
- TODO: check
+ NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before
Hotfix ...)
- TODO: check
+ NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced
...)
- TODO: check
+ NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Claroline
CVE-2006-4843
RESERVED
CVE-2006-4842
@@ -174,43 +174,43 @@
CVE-2006-4839
RESERVED
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in
DCP-Portal SE ...)
- TODO: check
+ NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal
SE ...)
- TODO: check
+ NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0
allows ...)
- TODO: check
+ NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote
...)
- TODO: check
+ NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule
Slootbeek ...)
- TODO: check
+ NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier,
SDM-93xx ...)
- TODO: check
+ NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD
ACT ...)
- TODO: check
+ NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine)
before ...)
- TODO: check
+ NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in
EditBlogTemplatesPlugin.java in ...)
- TODO: check
+ NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David
Czarnecki ...)
- TODO: check
+ NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in
...)
- TODO: check
+ NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist
Downstat ...)
- TODO: check
+ NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in
Shadowed ...)
- TODO: check
+ NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in
...)
- TODO: check
+ NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php
in ...)
- TODO: check
+ NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- TODO: check
+ NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7
Userreview ...)
- TODO: check
+ NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and
...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2006-4819
RESERVED
CVE-2006-4818
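Review bot: The tags for CVE-2006-4835 and CVE-2006-4831 copy the description's full product string ("Blue Magic Board (BMB) (aka BMForum)", "IP over DNS is now easy (iodine)"), while the other entries in this hunk use a short name. A short, greppable name such as "BMForum" or "iodine" makes these entries easier to find and revisit if the software is packaged later.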
@@ -244,27 +244,27 @@
CVE-2006-4804
RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity
Manager ...)
- TODO: check
+ NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service
in ...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and
...)
- TODO: check
+ NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
TODO: check
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow
...)
TODO: check
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string,
which ...)
- TODO: check
+ - sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine
...)
- TODO: check
+ NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz
Forums ...)
- TODO: check
+ NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107
0.7.5 ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG
1.0 ...)
- TODO: check
+ NOT-FOR-US: TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
TODO: check
CVE-2006-XXXX [linux-ftpd allows chdir to disallowed directories]
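Review bot: The new CVE-2006-4798 entry "- sql-ledger 2.4.5-1" carries no bug number or urgency, unlike "- firefox-sage 1.3.6-3 (bug #388149; medium)" elsewhere in this file, and the description names versions before 2.4.4 as affected, so it is worth noting why 2.4.5-1 is recorded as the first fixed upload. In the same hunk, CVE-2004-2665 keeps "TODO: check" although its visible description text is identical to that of CVE-2006-4795, which is now "NOT-FOR-US: HP-UX"; if it concerns the same product, mark it in this commit as well.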
@@ -442,17 +442,17 @@
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage
allow ...)
- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator
...)
- TODO: check
+ NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b
allows ...)
- TODO: check
+ NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in
Vikingboard ...)
- TODO: check
+ NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php
(aka the ...)
- TODO: check
+ NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in
inc/functions_post.php in ...)
- TODO: check
+ NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and
Dominic ...)
- TODO: check
+ NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704
RESERVED
CVE-2006-4703
@@ -496,122 +496,122 @@
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and
2.8.0 ...)
TODO: check
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain
sensitive ...)
- TODO: check
+ NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10
allow ...)
- TODO: check
+ NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM
Director ...)
- TODO: check
+ NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and
passwords ...)
- TODO: check
+ NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by
default, ...)
TODO: check
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3
allows ...)
- TODO: check
+ NOT-FOR-US: News Evolution
CVE-2006-4677 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded
usernames and ...)
- TODO: check
+ NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in
...)
TODO: check
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in
DokuWiki ...)
TODO: check
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in
PHP-Fusion ...)
- TODO: check
+ NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart
2.5 EE, ...)
- TODO: check
+ NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in
Fantastic ...)
- TODO: check
+ NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn
...)
- TODO: check
+ NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in
admin/system/include.php in ...)
- TODO: check
+ NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob
Hensley ...)
- TODO: check
+ NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow
remote ...)
- TODO: check
+ NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan
Ernst ...)
- TODO: check
+ NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in
MKPortal M1.1 ...)
- TODO: check
+ NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Premod Shadow
CVE-2006-4663 (** DISPUTED ** ...)
TODO: check
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in
AOL ICQ ...)
- TODO: check
+ NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does
not ...)
- TODO: check
+ NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS
Feed ...)
- TODO: check
+ NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007
11.00.00 ...)
- TODO: check
+ NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00
uses ...)
- TODO: check
+ NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00
...)
- TODO: check
+ NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD
extension in X ...)
- TODO: check
+ NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2
allows ...)
- TODO: check
+ NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll
store ...)
- TODO: check
+ NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have
a ...)
- TODO: check
+ NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and
possibly ...)
- TODO: check
+ NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used
and the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo
News ...)
- TODO: check
+ NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo
News ...)
- TODO: check
+ NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge
News 2.2 ...)
- TODO: check
+ NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7
Pathauto ...)
- TODO: check
+ NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in
akarru.gui/main_content.php ...)
- TODO: check
+ NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in
modules/home.module.php in ...)
- TODO: check
+ NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert
...)
- TODO: check
+ NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using "Remote Audit,"
logs the administrator ...)
- TODO: check
+ NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber
Portal ...)
- TODO: check
+ NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0
allows ...)
- flashplugin-nonfree 7.0.68.0.1
[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr
C-News ...)
- TODO: check
+ NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV
News ...)
- TODO: check
+ NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News
0.9.1 ...)
- TODO: check
+ NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and
...)
- TODO: check
+ NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and
possibly ...)
- TODO: check
+ NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM
allows ...)
- TODO: check
+ NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote
attackers ...)
- TODO: check
+ NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and
possibly ...)
- TODO: check
+ NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php
in ...)
- TODO: check
+ NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky
GUNNING ...)
- TODO: check
+ NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in
affichage/commentaires.php ...)
- TODO: check
+ NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983
allows ...)
- TODO: check
+ NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed
via ...)
- TODO: check
+ NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine
before ...)
- TODO: check
+ NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to
bypass ...)
TODO: check
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before
2.1.9rc1 ...)
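Review bot: "NOT-FOR-US: X11R6.4" on CVE-2006-4655 names a release rather than a product, and the description places the overflow in the XKEYBOARD extension of X, which Debian does ship. If the packaged X code is not affected, record that against the source package in the form this file already uses for MySQL ("- mysql-dfsg <not-affected> (only 4.1 affected)") so the reasoning stays visible; a NOT-FOR-US tag hides the entry from later checks. Minor: CVE-2006-4654 is tagged "Address Book Web Server" while the description reads "Easy Address Book Web Server".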
@@ -1068,9 +1068,9 @@
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with
insecure ...)
NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for
Linux ...)
- TODO: check
+ NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Tagger LE
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote
...)
NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including
Mozilla ...)
@@ -1181,30 +1181,30 @@
CVE-2006-4390
RESERVED
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows
user-assisted ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4387
RESERVED
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows
user-assisted ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows
user-assisted ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3
allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4383
RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow
...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows
user-assisted ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of
service ...)
{DSA-1169}
- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
- mysql-dfsg <not-affected> (only 4.1 affected)
- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
- TODO: check
+ NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378 (** DISPUTED ** ...)
NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
@@ -2326,7 +2326,7 @@
CVE-2006-3874
RESERVED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet
...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2006-3872
RESERVED
CVE-2006-3871