Author: fw Date: 2006-12-04 22:13:00 +0100 (Mon, 04 Dec 2006) New Revision: 5063 Modified: data/CVE/list Log: PostNuke NFU A couple of Toredo protocol issues don''t appear to be that significant. Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-04 20:44:18 UTC (rev 5062) +++ data/CVE/list 2006-12-04 21:13:00 UTC (rev 5063) @@ -16,15 +16,19 @@ CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...) TODO: check CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...) - TODO: check + NOT-FOR-US: PostNuke CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...) - TODO: check + NOTE: It seems that no significant packet amplification takes place. + NOTE: Probably harmless. CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...) - TODO: check + NOTE: Potential firewall bypass is inherent to tunneling software. + NOTE: Not a bug. CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...) - TODO: check + NOTE: Potential firewall bypass is inherent to tunneling software. + NOTE: Not a bug. CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...) - TODO: check + NOTE: Potential firewall bypass is inherent to tunneling software. + NOTE: Not a bug. CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...) TODO: check CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)