Author: stef-guest Date: 2006-10-05 19:12:16 +0000 (Thu, 05 Oct 2006) New Revision: 4813 Modified: data/CVE/list Log: many NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-05 18:44:54 UTC (rev 4812) +++ data/CVE/list 2006-10-05 19:12:16 UTC (rev 4813) @@ -1,17 +1,17 @@ CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...) - TODO: check + NOT-FOR-US: BasiliX CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...) - TODO: check + NOT-FOR-US: PHP Web Scripts Easy Banner Free CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...) - TODO: check + NOT-FOR-US: Skrypty PPA Gallery CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...) - TODO: check + NOT-FOR-US: digiSHOP CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...) - TODO: check + NOT-FOR-US: IBM CVE-2006-5160 (** DISPUTED ** ...) TODO: check CVE-2006-5159 (** DISPUTED ** ...) @@ -19,33 +19,33 @@ CVE-2006-5158 (Unspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 ...) TODO: check CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) - TODO: check + NOT-FOR-US: TrendMicro OfficeScan CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) - TODO: check + NOT-FOR-US: McAfee CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...) - TODO: check + NOT-FOR-US: VideoDB CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...) - TODO: check + NOT-FOR-US: DeluxeBB CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...) - TODO: check + NOT-FOR-US: Kerio Personal Firewall CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...) - TODO: check + NOT-FOR-US: HP CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...) - TODO: check + NOT-FOR-US: OpenBiblio CVE-2006-5149 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: OpenBiblio CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...) - TODO: check + NOT-FOR-US: Forum82 CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...) - TODO: check + NOT-FOR-US: VAMP Webmail CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...) - TODO: check + NOT-FOR-US: Yblog CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...) - TODO: check + NOT-FOR-US: OlateDownload CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...) - TODO: check + NOT-FOR-US: OlateDownload CVE-2006-XXXX [unspecified libgsf security issue (IDEF1622)] - libgsf 1.14.2-1 CVE-2006-5143 @@ -53,143 +53,143 @@ CVE-2006-5142 RESERVED CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...) - TODO: check + NOT-FOR-US: Open Geo Targeting (aka geotarget) CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...) - TODO: check + NOT-FOR-US: Image Host Script (phpkimagehost) CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...) - TODO: check + NOT-FOR-US: MkPortal CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: Groupee UBB.threads CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...) - TODO: check + NOT-FOR-US: Groupee UBB.threads CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...) - TODO: check + NOT-FOR-US: Groupee UBB.threads CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...) - TODO: check + NOT-FOR-US: Mercury SiteScope CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...) - TODO: check + NOT-FOR-US: GuildFTPd CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...) - TODO: check + NOT-FOR-US: phpMyAgenda CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...) - TODO: check + NOT-FOR-US: just another flat file (JAF) CMS CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) - TODO: check + NOT-FOR-US: ust another flat file (JAF) CMS CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...) - TODO: check + NOT-FOR-US: ust another flat file (JAF) CMS CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...) - TODO: check + NOT-FOR-US: ConPresso CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...) - TODO: check + NOT-FOR-US: ConPresso CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...) - TODO: check + NOT-FOR-US: PowerPortal CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...) - TODO: check + NOT-FOR-US: phpMyWebmin CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...) - TODO: check + NOT-FOR-US: phpMyWebmin CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...) - TODO: check + NOT-FOR-US: PHProjekt CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...) - TODO: check + NOT-FOR-US: SiteScope CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...) - TODO: check + NOT-FOR-US: Red Mombin CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...) - TODO: check + NOT-FOR-US: PHPSelect Web Development Division CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...) TODO: check CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) TODO: check CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...) - TODO: check + NOT-FOR-US: KGB CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...) - TODO: check + NOT-FOR-US: SAP CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...) - TODO: check + NOT-FOR-US: Exporia CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...) - TODO: check + NOT-FOR-US: NaviCOPA Web Server CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...) TODO: check CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) - TODO: check + NOT-FOR-US: PHP Invoice CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...) - TODO: check + NOT-FOR-US: CubeCart CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...) - TODO: check + NOT-FOR-US: FacileForms for Mambo and Joomla! CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...) - TODO: check + NOT-FOR-US: SyntaxCMS CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2006-5103 (PHP remote file inclusion vulnerability in index2.php in bbsNew 2.0.1 ...) - TODO: check + NOT-FOR-US: bbsNew CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...) - TODO: check + NOT-FOR-US: Newswriter SW CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...) - TODO: check + NOT-FOR-US: Comdev CSV Importer CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...) - TODO: check + NOT-FOR-US: WEB//NEWS (aka webnews) CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...) TODO: check CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...) TODO: check CVE-2006-5097 (PHP remote file inclusion vulnerability in index.php in net2ftp allows ...) - TODO: check + NOT-FOR-US: net2ftp CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: VirtueMart CVE-2006-5095 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: MyPhotos CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...) TODO: check CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...) - TODO: check + NOT-FOR-US: TagIt! Tagboard CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...) - TODO: check + NOT-FOR-US: HP-UX Samba CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...) - TODO: check + NOT-FOR-US: Phoenix Evolution CMS (PECMS) CVE-2006-5089 (PHP remote file inclusion vulnerability in mybic_server.php in My-BIC ...) - TODO: check + NOT-FOR-US: My-BIC CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...) - TODO: check + NOT-FOR-US: phpMyChat CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...) - TODO: check + NOT-FOR-US: evoBB CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...) - TODO: check + NOT-FOR-US: Blog Pixel Motion CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...) - TODO: check + NOT-FOR-US: Blog Pixel Motion CVE-2006-5084 (Format string vulnerability in eBay Skype 1.5.0.79 has unspecified ...) - TODO: check + NOT-FOR-US: Skype CVE-2006-5083 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Integrated MODs (IM) Portal CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...) - TODO: check + NOT-FOR-US: Sugar Suite Open Source (SugarCRM) CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...) - TODO: check + NOT-FOR-US: QuickBlogger CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...) - TODO: check + NOT-FOR-US: Movable Type CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...) - TODO: check + NOT-FOR-US: paBugs CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...) - TODO: check + NOT-FOR-US: Polaring CVE-2006-5077 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Minerva CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...) - TODO: check + NOT-FOR-US: OpenConcept Back-End CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...) - TODO: check + NOT-FOR-US: PHP Invoice CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...) - TODO: check + NOT-FOR-US: Solaris CVE-2006-XXXX [graphicsmagic buffer overflows] - graphicsmagick 1.1.7-9 TODO: check for security relevance and CVE-ids. Maybe imagemagick is affected, too @@ -1412,7 +1412,7 @@ CVE-2006-4512 RESERVED CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2006-4510 RESERVED CVE-2006-4509 @@ -1671,31 +1671,31 @@ CVE-2006-4400 RESERVED CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4398 RESERVED CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4396 RESERVED CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...) NOT-FOR-US: Apple QuickTime CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...) - TODO: check + NOT-FOR-US: Mac OS CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...) NOT-FOR-US: Apple QuickTime CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)