Author: micah Date: 2006-12-18 15:27:26 +0100 (Mon, 18 Dec 2006) New Revision: 5144 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-17 23:45:34 UTC (rev 5143) +++ data/CVE/list 2006-12-18 14:27:26 UTC (rev 5144) 
@@ -365,75 +365,75 @@ CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...) NOT-FOR-US: BlazeVideo HDTV Player CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...) - TODO: check + NOT-FOR-US: Ulrik Petersen Emdros Database Engine CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...) - TODO: check + NOT-FOR-US: Jonas Gauffin Publicera CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...) - TODO: check + NOT-FOR-US: Jonas Gauffin Publicera CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...) - TODO: check + NOT-FOR-US: plxWebDev CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...) - TODO: check + NOT-FOR-US: Open Solution Quick.Cart CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...) - TODO: check + NOT-FOR-US: Open Solution Quick.Cart CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...) - TODO: check + NOT-FOR-US: ac4p Mobile CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...) - TODO: check + NOT-FOR-US: LINK Content Management Server CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...) - TODO: check + NOT-FOR-US: LINK Content Management Server CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...) - TODO: check + NOT-FOR-US: CVS management/tracker (drupal plugin) CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) - TODO: check + NOT-FOR-US: abitwhizzy.php CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) - php5 <unfixed> (unimportant) - php4 <unfixed> (unimportant) NOTE: safe-mode and basedir violations not treated as security issues CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) 
- TODO: check + NOT-FOR-US: Positive Software H-Sphere CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...) - TODO: check + NOT-FOR-US: Ultimate HelpDesk CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...) - TODO: check + NOT-FOR-US: Ultimate HelpDesk CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...) - TODO: check + NOT-FOR-US: BrightStor Backup Discovery Service CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...) - TODO: check + NOT-FOR-US: BTSaveMySql CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...) - TODO: check + NOT-FOR-US: Uploadscript CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...) - TODO: check + NOT-FOR-US: Simple File Manager CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) - TODO: check + NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) TODO: check phpmyadmin CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) TODO: check phpmyadmin CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...) - TODO: check + NOT-FOR-US: JAB Guest Book CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...) - TODO: check + NOT-FOR-US: JAB Guest Book CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...) - TODO: check + NOT-FOR-US: Invision Gallery CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...) - TODO: check + NOT-FOR-US: Invision Community Blog Mod CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...) TODO: check CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...) 
NOT-FOR-US: Affects only Windows despite other claims CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...) - TODO: check + NOT-FOR-US: awrate CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...) NOT-FOR-US: Duware CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Cerberus Helpdesk CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...) NOT-FOR-US: Duware CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...) - TODO: check + NOT-FOR-US: Inside Systems Mail (ISMail) CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...) - TODO: check + NOT-FOR-US: BlueSocket Secure Controller CVE-2006-6362 REJECTED CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...) @@ -441,9 +441,9 @@ CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...) NOT-FOR-US: PHP Upload Center CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...) - TODO: check + NOT-FOR-US: Stefan Frech online-bookmarks CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...) - TODO: check + NOT-FOR-US: Stefan Frech online-bookmarks CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...) NOT-FOR-US: PHPNews CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
@@ -457,41 +457,41 @@ CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...) NOT-FOR-US: F-Prot Antivirus CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...) - TODO: check + NOT-FOR-US: KhaledMuratList CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...) - TODO: check + NOT-FOR-US: listpics 5 CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...) - TODO: check + NOT-FOR-US: PWP Technologies The Classified Ad System CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...) - TODO: check + NOT-FOR-US: mowdBB CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...) - TODO: check + NOT-FOR-US: TFT-Gallery CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...) TODO: check CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...) TODO: check CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...) - TODO: check + NOT-FOR-US: Neocrome Seditio CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...) - TODO: check + NOT-FOR-US: Neocrome Seditio CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...) - TODO: check + NOT-FOR-US: KLF-DESIGN CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...) - TODO: check + NOT-FOR-US: mg.applanix CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...) NOT-FOR-US: nVIDIA nView CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...) - TODO: check + NOT-FOR-US: deV!L`z Clanportal CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...) - TODO: check + NOT-FOR-US: deV!L`z Clanportal CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee Ziyaretci ...) 
- TODO: check + NOT-FOR-US: Aspee Ziyaretci Defteri CVE-2006-6336 RESERVED CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...) - TODO: check + NOT-FOR-US: Sophos Anti-Virus CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...) - TODO: check + NOT-FOR-US: Citrix Presentation Server Client CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18) @@ -1901,7 +1901,7 @@ CVE-2006-5681 RESERVED CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) - TODO: check libarchive, pinged maintainer + NOT-FOR-US: FreeBSD libarchive, pinged maintainer CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) - kfreebsd-5 <unfixed> [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) @@ -2435,7 +2435,7 @@ CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...) - wims 3.60-1 (bug #395102) CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...) - TODO: check viewcvs + NOT-FOR-US: ViewVC viewcvs CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...) NOT-FOR-US: Comdev Web Blogger CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) @@ -5777,7 +5777,7 @@ NOT-FOR-US: Apple Safari 2.0.4 NOTE: konqueror 3.5.x is not affected NOTE: PoC http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html - TODO: check sarge''s konqueror (sf: pinged maintainers) + NOT-FOR-US: Apple Mac OS X sarge''s konqueror (sf: pinged maintainers) CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...) NOT-FOR-US: Opera CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
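Review bot: in the @@ -365 hunk, CVE-2006-6375 is tagged "NOT-FOR-US: Simple machines Forum", but the only product text visible in its description is "display.php in Simple ...", and the entry directly above it (CVE-2006-6376, "fm.php in Simple File ...") is tagged Simple File Manager. Since the truncated description cannot distinguish the two, confirm the product name against the full CVE text, and capitalise it consistently with the other NOT-FOR-US names in this hunk.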
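Review bot: in the @@ -1901 hunk, the new line for CVE-2006-5680 reads "NOT-FOR-US: FreeBSD libarchive, pinged maintainer", which keeps the tail of the old TODO. "Pinged maintainer" implies someone responsible for a package was contacted, which contradicts a NOT-FOR-US tag. If a libarchive package is tracked here, record the outcome as a package line with a NOTE explaining that only the FreeBSD 6-STABLE code in the stated date range is affected; if not, drop the "pinged maintainer" residue so the entry reads as a plain NOT-FOR-US.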
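Review bot: in the @@ -2435 hunk, "TODO: check viewcvs" for CVE-2006-5442 becomes "NOT-FOR-US: ViewVC viewcvs", which looks like NOT-FOR-US was prepended to the old TODO text rather than the check being carried out. The TODO named viewcvs as the thing to check, and the description covers "ViewVC 1.0.2 and earlier", so the result of that check should be stated: either a package line with a version or status, or a NOT-FOR-US with only the product name and a NOTE saying why viewcvs is out of scope.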
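Review bot: in the @@ -5777 hunk, the added line "NOT-FOR-US: Apple Mac OS X sarge''s konqueror (sf: pinged maintainers)" duplicates the "NOT-FOR-US: Apple Safari 2.0.4" tag already on this entry and silently closes the open question about sarge's konqueror. The existing NOTE only clears konqueror 3.5.x, so the sarge check is still unanswered by anything visible here. Keep the TODO until the maintainers reply, or replace it with a NOTE recording the sarge result; the "NFUs" log message also does not cover changes to entries like this one that had follow-ups pending.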