Author: stef-guest Date: 2006-12-22 17:06:03 +0100 (Fri, 22 Dec 2006) New Revision: 5159 Modified: data/CVE/list Log: - some more chetcpasswd issues - some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-22 08:14:17 UTC (rev 5158) +++ data/CVE/list 2006-12-22 16:06:03 UTC (rev 5159) 
@@ -1,77 +1,77 @@ CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Carsen Klock TextSend CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...) - TODO: check + NOT-FOR-US: E-Uploader CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...) TODO: check CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...) TODO: check CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...) - TODO: check + NOT-FOR-US: Valdersoft Shopping Cart CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...) TODO: check CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...) - TODO: check + NOT-FOR-US: Paristemi CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...) - TODO: check + NOT-FOR-US: Web Automated Perl Portal (WebAPP) CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...) - TODO: check + NOT-FOR-US: Web Automated Perl Portal (WebAPP) CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...) - TODO: check + NOT-FOR-US: Carsen Klock TextSend CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...) 
- TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...) - TODO: check + - chetcpasswd <unfixed> (low) CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...) - TODO: check + - chetcpasswd <unfixed> (medium) CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...) TODO: check CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: ESET NOD32 Antivirus CVE-2006-6676 (Integer overflow in ESET NOD32 Antivirus before 1.1743 allows remote ...) - TODO: check + NOT-FOR-US: ESET NOD32 Antivirus CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...) - TODO: check + NOT-FOR-US: Novell CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...) - TODO: check + NOT-FOR-US: Ozeki HTTP-SMS Gateway CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: WinFtp Server CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...) - TODO: check + NOT-FOR-US: Download Portal CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...) - TODO: check + NOT-FOR-US: Download Portal CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...) - TODO: check + NOT-FOR-US: Nortel CallPilot CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...) TODO: check CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...) 
- TODO: check + NOT-FOR-US: VerliAdmin CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...) - TODO: check + NOT-FOR-US: VerliAdmin CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...) - TODO: check + NOT-FOR-US: VerliAdmin CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...) - TODO: check + NOT-FOR-US: DeepBurner CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...) - TODO: check + NOT-FOR-US: Aleph One CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...) - TODO: check + NOT-FOR-US: Aleph One CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...) - TODO: check + NOT-FOR-US: Linux User Management (novell-lum) CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...) - TODO: check + NOT-FOR-US: PHP-Update CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...) TODO: check CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...) @@ -166,7 +166,7 @@ CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...) NOT-FOR-US: WeBWorK CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...) - - openoffice.org <unfixed> (bug filed) + - openoffice.org <unfixed> (bug #404105) CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...) NOT-FOR-US: BitDefender CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
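Review bot: In the first hunk (@@ -1,77 +1,77 @@), the chetcpasswd lines for CVE-2006-6684 and CVE-2006-6679 (descriptions say "before 2.4") and CVE-2006-6680 ("before 2.3.1") are marked `<unfixed>` without recording the upstream version bound that the descriptions give. CVE-2006-6683 ("2.4.1 and earlier") is a different case from those three. Please record the upstream bound on the three bounded entries so they can be closed once a newer version is packaged. None of the seven new `- chetcpasswd <unfixed>` lines has a bug reference either; filing one and adding it here would match what the second hunk does for openoffice.org.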
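Review bot: In the second hunk (@@ -166,7 +166,7 @@), the replaced openoffice.org line for CVE-2006-6628 now carries `(bug #404105)` but still has no urgency, while every chetcpasswd entry added in the first hunk has one (`(medium)` or `(low)`). Consider adding an urgency next to the bug number so this integer overflow is triaged on the same footing as the other open entries.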